forked from stacklok/codegate
-
Notifications
You must be signed in to change notification settings - Fork 0
27 lines (24 loc) · 783 Bytes
/
security.yml
File metadata and controls
27 lines (24 loc) · 783 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
name: Security
on:
workflow_call:
schedule:
- cron: '0 0 * * *'
jobs:
dependencies:
runs-on: ubuntu-latest
name: Dependencies & Secrets Scan via Trivy
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Code Security Scan
uses: aquasecurity/trivy-action@6c175e9c4083a92bbca2f9724c8a5e33bc2d97a5 # v0.30.0
with:
scan-type: 'fs'
scanners: vuln,secret
trivy-config: .trivy.yml
exit-code: 1
ignore-unfixed: true
env:
TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
TRIVY_USERNAME: ${{ github.actor }}
TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}