Migrate from Trivy to Docker scout

This commit is contained in:
Arunavo Ray
2025-06-15 14:11:45 +05:30
parent 546bda8514
commit 2ec55c6070


@@ -22,6 +22,7 @@ permissions:
contents: read contents: read
actions: read actions: read
security-events: write security-events: write
pull-requests: write # Required for Docker Scout PR comments
jobs: jobs:
scan: scan:
@@ -47,30 +48,28 @@ jobs:
# Disable GitHub Actions cache for this workflow # Disable GitHub Actions cache for this workflow
no-cache: true no-cache: true
- name: Run Trivy vulnerability scanner - name: Docker Scout vulnerability scan
uses: aquasecurity/trivy-action@0.28.0 uses: docker/scout-action@v1
with: with:
image-ref: gitea-mirror:scan command: cves
format: 'sarif' image: gitea-mirror:scan
output: 'trivy-results.sarif' sarif-file: scout-results.sarif
exit-code: '1' summary: true
ignore-unfixed: false exit-code: true
vuln-type: 'os,library' only-severities: critical,high
severity: 'CRITICAL,HIGH' write-comment: true
- name: Upload Trivy scan results to GitHub Security tab - name: Upload Docker Scout scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3 uses: github/codeql-action/upload-sarif@v3
if: always() if: always()
with: with:
sarif_file: 'trivy-results.sarif' sarif_file: scout-results.sarif
- name: Run Trivy vulnerability scanner (table output) - name: Docker Scout policy evaluation
uses: aquasecurity/trivy-action@0.28.0 uses: docker/scout-action@v1
if: failure() if: always()
with: with:
image-ref: gitea-mirror:scan command: policy
format: 'table' image: gitea-mirror:scan
exit-code: '0' exit-code: false
ignore-unfixed: false write-comment: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
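Review bot: Both new `uses: docker/scout-action@v1` lines (the `cves` step and the `policy` step) pin a floating major tag, while the Trivy step they replace was pinned to the exact release `0.28.0`; since this job now holds `pull-requests: write` and `security-events: write`, a moved `v1` tag would run unreviewed third-party code with those permissions. Pin the action to a full-length commit SHA and keep the version as a trailing comment, e.g. `uses: docker/scout-action@<full-commit-sha>  # v1`, on both steps. The `cves` and `policy` commands also require Docker Hub authentication, either through the action's `dockerhub-user`/`dockerhub-password` inputs or a preceding `docker/login-action` step; the earlier steps of the `scan` job are outside this hunk, so confirm one of them signs in, otherwise the scan step fails on authentication rather than on findings. The `scan` job and its build steps begin before the hunk.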