From 850caf46b0d094a9a7cb1fca4d03b54602da9ad7 Mon Sep 17 00:00:00 2001 From: Dan Alima Date: Sat, 30 Dec 2023 16:48:49 +0200 Subject: [PATCH] upload trivy-results.sarif to GitHub Security, and tag Docker image --- .github/workflows/maven-build.yml | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/.github/workflows/maven-build.yml b/.github/workflows/maven-build.yml index 2e3a3a4d9..699769735 100644 --- a/.github/workflows/maven-build.yml +++ b/.github/workflows/maven-build.yml @@ -32,14 +32,19 @@ jobs: - name: Package the project as a runnable Docker image run: ./mvnw spring-boot:build-image - - name: Set up JFrog CLI - uses: jfrog/setup-jfrog-cli@v3 - name: Scan the project with your preferred SCA tool uses: aquasecurity/trivy-action@master with: - image-ref: 'docker.io/library/spring-petclinic:3.2.0-SNAPSHOT' - format: 'table' - exit-code: '1' + image-ref: 'docker.io/library/spring-petclinic:3.2.0-JFrog_Assignment' + format: 'sarif' + output: 'trivy-results.sarif' ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: 'trivy-results.sarif' + + - name: Tag Docker image + run: docker tag docker.io/library/spring-petclinic:3.2.0-JFrog_Assignment my_repo/spring-petclinic:3.2.0-JFrog_Assignment