From e30adc1e956117cb8cf4cb8b0c21f5b37858d30f Mon Sep 17 00:00:00 2001 From: Dan Alima Date: Sat, 30 Dec 2023 23:54:28 +0200 Subject: [PATCH] replace Trivy with JFrog SCA --- .github/workflows/maven-build.yml | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) diff --git a/.github/workflows/maven-build.yml b/.github/workflows/maven-build.yml index 4662145e9..a56e9f184 100644 --- a/.github/workflows/maven-build.yml +++ b/.github/workflows/maven-build.yml @@ -60,15 +60,10 @@ jobs: jf rt build-publish - name: Scan the project with your preferred SCA tool - uses: aquasecurity/trivy-action@master - with: - image-ref: 'danvid.jfrog.io/assignment-docker/spring-petclinic:${{ github.sha }}' - format: 'sarif' - output: 'trivy-results.sarif' - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' - - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 - with: - sarif_file: 'trivy-results.sarif' + uses: jfrog/setup-jfrog-cli@v3 + env: + JF_URL: ${{ secrets.JF_URL }} + JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} + - run: | + jf scan danvid.jfrog.io/assignment-docker/spring-petclinic:${{ github.sha }} + \ No newline at end of file