Unverified Commit 49e15945 authored by Márk Sági-Kazár, committed by GitHub

Merge pull request #2387 from dexidp/trivy-scan

ci: run trivy scan on container image
parents 373bddaf 12a904af
...@@ -92,3 +92,18 @@ jobs: ...@@ -92,3 +92,18 @@ jobs:
org.opencontainers.image.revision=${{ github.sha }} org.opencontainers.image.revision=${{ github.sha }}
org.opencontainers.image.licenses=${{ github.event.repository.license.spdx_id }} org.opencontainers.image.licenses=${{ github.event.repository.license.spdx_id }}
org.opencontainers.image.documentation=https://dexidp.io/docs/ org.opencontainers.image.documentation=https://dexidp.io/docs/
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.2.1
with:
image-ref: "ghcr.io/dexidp/dex:${{ steps.tags.outputs.version }}"
format: "template"
template: "@/contrib/sarif.tpl"
output: "trivy-results.sarif"
if: github.event_name == 'push'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: "trivy-results.sarif"
if: github.event_name == 'push'
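
Review bot: Both added steps reference their actions by tag (`aquasecurity/trivy-action@0.2.1` and `github/codeql-action/upload-sarif@v1`), and a tag can be moved to different code later; pin each `uses:` to a full commit SHA and keep the tag as a trailing comment, so that what runs in this job only changes through a reviewed diff. Two smaller points: the scan step sets only report-related inputs (`format`, `template`, `output`), so findings land in the Security tab without gating the build, and a one-line comment saying that this is intentional would save the next reader from guessing. The `if: github.event_name == 'push'` condition is repeated on both steps and placed after `with:`; moving it directly under `name:` makes the guard visible before the step body.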