diff --git a/.github/workflows/trivy_scan.yml b/.github/workflows/trivy_scan.yml index e7e182f..6f8c917 100644 --- a/.github/workflows/trivy_scan.yml +++ b/.github/workflows/trivy_scan.yml @@ -123,6 +123,55 @@ jobs: format: 'sarif' output: 'trivy-results.sarif' + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: 'trivy-results.sarif' + + scan_psql_init: + name: scan_psql_init + runs-on: ubuntu-20.04 + steps: + + - name: Checkout code + uses: actions/checkout@v3 + + - name: Build an image from Dockerfile + run: | + docker build -t keitaro/psql-init:${{ github.sha }} -f ./images/psql-init/Dockerfile ./images/psql-init/ + + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: 'keitaro/psql-init:${{ github.sha }}' + format: 'sarif' + output: 'trivy-results.sarif' + + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: 'trivy-results.sarif' + + + scan_datapusher: + name: scan_datapusher + runs-on: ubuntu-20.04 + steps: + + - name: Checkout code + uses: actions/checkout@v3 + + - name: Build an image from Dockerfile + run: | + docker build -t keitaro/datapusher:${{ github.sha }} -f ./images/datapusher/Dockerfile ./images/datapusher/ + + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: 'keitaro/datapusher:${{ github.sha }}' + format: 'sarif' + output: 'trivy-results.sarif' + - name: Upload Trivy scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v2 with: