Trivy Nightly Docker Scan #1719

Workflow file for this run

.github/workflows/trivy-docker.yaml at 4f9c238

	name: Trivy Nightly Docker Scan

	on:
	# Run scans if the workflow is modified, in order to test the
	# workflow itself. This results in some spurious notifications,
	# but seems okay for testing.
	pull_request:
	branches:
	- main
	paths:
	- .github/workflows/trivy-docker.yaml

	# Run scans against master whenever changes are merged.
	push:
	branches:
	- main
	paths:
	- .github/workflows/trivy-docker.yaml

	schedule:
	- cron: "15 10 * * *"

	workflow_dispatch:

	permissions:
	actions: none
	checks: none
	contents: read
	deployments: none
	issues: none
	packages: none
	pull-requests: none
	repository-projects: none
	security-events: write
	statuses: none

	# Cancel in-progress runs for pull requests when developers push
	# additional changes, and serialize builds in branches.
	# https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-concurrency-to-cancel-any-in-progress-job-or-run
	concurrency:
	group: ${{ github.workflow }}-${{ github.ref }}

	jobs:
	trivy-scan-image:
	runs-on: ubuntu-22.04

	steps:
	- name: Checkout code
	uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

	- name: Run Trivy vulnerability scanner in image mode
	uses: aquasecurity/trivy-action@314ff8b43182423b84c50b1670b0e10f858f2d98 # latest
	with:
	image-ref: "docker.io/codercom/code-server:latest"
	ignore-unfixed: true
	format: "sarif"
	output: "trivy-image-results.sarif"
	severity: "HIGH,CRITICAL"

	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4
	with:
	sarif_file: "trivy-image-results.sarif"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Trivy Nightly Docker Scan #1719

Workflow file

Trivy Nightly Docker Scan #1719

Uh oh!

Workflow file for this run