feat(cd*): Added trivy scanning

1 files changed, 17 insertions, 1 deletions

diff --git a/.github/workflows/cd-dev.yml b/.github/workflows/cd-dev.yml
index 9610ca9..2390770 100644
--- a/.github/workflows/cd-dev.yml
+++ b/.github/workflows/cd-dev.yml
@@ -10,7 +10,6 @@ jobs:
   Create-and-release-dev-container:
     name: Build the dev docker container image and push it to dockerhub
     runs-on: ubuntu-latest
-    needs: Build
     steps:
       - uses: actions/checkout@v4
       - uses: dawidd6/action-download-artifact@v6
@@ -29,3 +28,20 @@ jobs:
           context: .
           file: ./docker/dev/Dockerfile
           tags: ${{ secrets.DOCKERHUB_USERNAME }}/pico-web-dev:latest
+
+  Test-Trivy:
+    name: Scan development docker container with trivy
+    runs-on: ubuntu-latest
+    needs: Create-and-release-dev-container
+    steps:
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@0.20.0
+        with:
+          image-ref: 'docker.io/${{ secrets.DOCKERHUB_USERNAME }}/pico-web-dev:latest'
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: 'trivy-results.sarif'