upload trivy-results.sarif to GitHub Security, and tag Docker image
This commit is contained in:
parent
823f7a88e4
commit
850caf46b0
1 changed files with 10 additions and 5 deletions
.github/workflows/maven-build.yml
|
@ -32,14 +32,19 @@ jobs:
|
|||
|
||||
- name: Package the project as a runnable Docker image
|
||||
run: ./mvnw spring-boot:build-image
|
||||
- name: Set up JFrog CLI
|
||||
uses: jfrog/setup-jfrog-cli@v3
|
||||
- name: Scan the project with your preferred SCA tool
|
||||
uses: aquasecurity/trivy-action@master
|
||||
with:
|
||||
image-ref: 'docker.io/library/spring-petclinic:3.2.0-SNAPSHOT'
|
||||
format: 'table'
|
||||
exit-code: '1'
|
||||
image-ref: 'docker.io/library/spring-petclinic:3.2.0-JFrog_Assignment'
|
||||
format: 'sarif'
|
||||
output: 'trivy-results.sarif'
|
||||
ignore-unfixed: true
|
||||
vuln-type: 'os,library'
|
||||
severity: 'CRITICAL,HIGH'
|
||||
- name: Upload Trivy scan results to GitHub Security tab
|
||||
uses: github/codeql-action/upload-sarif@v2
|
||||
with:
|
||||
sarif_file: 'trivy-results.sarif'
|
||||
|
||||
- name: Tag Docker image
|
||||
run: docker tag docker.io/library/spring-petclinic:3.2.0-JFrog_Assignment my_repo/spring-petclinic:3.2.0-JFrog_Assignment
|
||||
|
|
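Review bot: Removing `exit-code: '1'` from the Trivy `with:` block turns the scan into a report-only step, so the "Tag Docker image" step at the end of the hunk now runs even when CRITICAL/HIGH findings were reported. If the scan is still meant to gate the image, keep `exit-code: '1'` next to `format: 'sarif'` and give the upload step `if: always()` so the SARIF still reaches the Security tab when the scan step fails. The `upload-sarif` action also needs `security-events: write` on the job or workflow; the `permissions:` block is outside this hunk, so confirm it grants that. The tag `3.2.0-JFrog_Assignment` is hard-coded in both `image-ref` and the `docker tag` line and has to match what `spring-boot:build-image` derives from the POM version, which this change does not show; a single `env:` value would keep the two in step. The unchanged `uses: aquasecurity/trivy-action@master` is a mutable ref, so pinning it to a release tag or commit SHA is worth a follow-up.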