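# Reusable workflow: scans the container image named by the caller with Trivy.
# Called from other workflows via `workflow_call`; the only input is the image
# reference to scan.
name: Run Trivy Image Scanner

on:
  workflow_call:
    inputs:
      image:
        description: 'The image to test'
        required: true
        type: string

jobs:
  # Job id kept as-is for compatibility, although this job scans rather than
  # builds.
  build-go:
    runs-on: docker
    container:
      # The scanner image is referenced by tag. Tags are mutable; pinning by
      # digest (image@sha256:...) would make the scanner itself reproducible.
      image: forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/devfw-cicd/pipeline-container/trivy:0.56.2
    steps:
      - name: Clone Repository
        # NOTE(review): `@main` is a moving branch ref, so the action code that
        # runs here can change without this file changing. Pin to a reviewed
        # commit SHA or release tag.
        uses: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/checkout@main
      - name: Run trivy image scan
        env:
          # The caller-supplied value is handed to the shell as data through an
          # environment variable. Expanding ${{ inputs.image }} directly inside
          # `run:` pastes it into the script text before the shell parses it,
          # so shell metacharacters in the input would be executed.
          IMAGE: ${{ inputs.image }}
        run: |
          set -e
          # NOTE(review): TRIVY_INSECURE=true turns off TLS certificate
          # verification for registry connections, so the image being scanned
          # is not authenticated. Prefer making the registry CA trusted inside
          # the scanner container and dropping this variable.
          #
          # NOTE(review): Trivy exits 0 even when it reports findings unless
          # --exit-code is set, so these steps are report-only. Add
          # `--exit-code 1` (optionally with `--severity`) to gate the pipeline.
          TRIVY_INSECURE=true trivy image --scanners license,vuln,secret "$IMAGE"
          TRIVY_INSECURE=true trivy image --image-config-scanners secret,misconfig "$IMAGE"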