Update main.yml

seequent · Mar 24, 2024 · 5cc24dc · 5cc24dc
1 parent cff5053
commit 5cc24dc
Showing 1 changed file with 16 additions and 2 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -23,7 +23,21 @@ jobs:
           ignore-unfixed: true
           severity: "CRITICAL,HIGH"
           timeout: 10m
-
-
+      - name: Run Trivy vulnerability scanner - machine readable output
+        uses: aquasecurity/[email protected]
+        continue-on-error: true
+        with:
+          scan-type: "fs"
+          scan-ref: '.'
+          format: "table"
+          exit-code: "1"
+          ignore-unfixed: true
+          severity: "CRITICAL,HIGH"
+          output: 'trivy-results.sarif'
+          timeout: 10m
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: 'trivy-results.sarif'