From 5f4a74c533450d0a34fd39f0281f1b0b547e8ff3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ina=20Od=C3=A9n=20=C3=96sterbo?=
Date: Fri, 24 Feb 2023 15:30:29 +0100
Subject: [PATCH 1/2] remove old scan
---
 .github/workflows/trivy-scheduled.yml | 56 ---------------------------
 1 file changed, 56 deletions(-)
 delete mode 100644 .github/workflows/trivy-scheduled.yml
diff --git a/.github/workflows/trivy-scheduled.yml b/.github/workflows/trivy-scheduled.yml
deleted file mode 100644
index befbeef1f..000000000
--- a/.github/workflows/trivy-scheduled.yml
+++ /dev/null
@@ -1,56 +0,0 @@
-# Trivy: Scan remote image on GHCR on schedule
-# Trivy (pronunciation) is a comprehensive and versatile security scanner.
-# Trivy has scanners that look for security issues,
-# and targets where it can find those issues.
-# https://github.com/aquasecurity/trivy
-# ---------------------------------
-name: Trivy - ghcr image scan
-on:
- pull_request:
- workflow_dispatch:
- branches:
- - master
- - dev
- schedule:
- - cron: "0 7,13 * * *"
-jobs:
- scan:
- permissions:
- contents: read
- security-events: write
- name: Build
- runs-on: ubuntu-latest
- steps:
- - name: Checkout code
- uses: actions/checkout@v3
-
- - name: Ensure lowercase name
- run: echo REPOSITORY_OWNER=$(echo ${{ github.repository_owner }} | tr "[:upper:]" "[:lower:]") >> $GITHUB_ENV
-
- - name: Run Trivy on latest release image
- uses: aquasecurity/trivy-action@0.7.1
- with:
- image-ref: "ghcr.io/${{ env.REPOSITORY_OWNER }}/dds-backend:dev"
- format: "sarif"
- output: "trivy-master.sarif"
- severity: "CRITICAL,HIGH"
-
- - name: Upload Trivy scan results to master branch GitHub Security tab
- uses: github/codeql-action/upload-sarif@v2
- with:
- sarif_file: "trivy-master.sarif"
- category: trivy-master
-
- - name: Run Trivy on latest dev image
- uses: aquasecurity/trivy-action@0.7.1
- with:
- image-ref: "ghcr.io/${{ env.REPOSITORY_OWNER }}/dds-backend:dev"
- format: "sarif"
- output: "trivy-dev.sarif"
- severity: "CRITICAL,HIGH"
-
- - name: Upload Trivy scan results to dev branch GitHub Security tab
- uses: github/codeql-action/upload-sarif@v2
- with:
- sarif_file: "trivy-dev.sarif"
- category: trivy-dev
From e4481a5e7e0c4ea19f1fa1729b2e9bcceb9bd710 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ina=20Od=C3=A9n=20=C3=96sterbo?=
Date: Fri, 24 Feb 2023 15:31:40 +0100
Subject: [PATCH 2/2] change to dev in dev trivy scan
---
 .github/workflows/trivy-scheduled-dev.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/trivy-scheduled-dev.yml b/.github/workflows/trivy-scheduled-dev.yml
index 6b473ee5a..256dd6b95 100644
--- a/.github/workflows/trivy-scheduled-dev.yml
+++ b/.github/workflows/trivy-scheduled-dev.yml
@@ -31,11 +31,11 @@ jobs:
 with:
 image-ref: "ghcr.io/${{ env.REPOSITORY_OWNER }}/dds-backend:dev"
 format: "sarif"
- output: "trivy-results-master.sarif"
+ output: "trivy-results-dev.sarif"
 severity: "CRITICAL,HIGH"
 - name: Upload Trivy scan results to dev branch GitHub Security tab
 uses: github/codeql-action/upload-sarif@v2
 with:
- sarif_file: "trivy-results-master.sarif"
- category: trivy-master
+ sarif_file: "trivy-results-dev.sarif"
+ category: trivy-dev
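Review bot: The upload step's `category` moves from `trivy-master` to `trivy-dev` at the end of this hunk, and nothing visible retires the old category, so findings already uploaded under `trivy-master` will probably stop being refreshed and may linger in the Security tab as a stale configuration. Patch 1/2 removes the other workflow that uploaded under that category, so it is worth deleting the stale analysis after merge. A short comment above the step, e.g. `# category must match the scanned image tag (dds-backend:dev)`, would explain why the names are tied together. Separately, the context line `uses: github/codeql-action/upload-sarif@v2` follows a movable tag; pinning it as `uses: github/codeql-action/upload-sarif@<full-commit-sha>  # v2` would fix which code handles the scan results. The Trivy step starts above the hunk, so its action version is not visible here.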