diff options
Diffstat (limited to '.github/workflows/cd-dev.yml')
| -rw-r--r-- | .github/workflows/cd-dev.yml | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/.github/workflows/cd-dev.yml b/.github/workflows/cd-dev.yml index 9610ca9..2390770 100644 --- a/.github/workflows/cd-dev.yml +++ b/.github/workflows/cd-dev.yml @@ -10,7 +10,6 @@ jobs: Create-and-release-dev-container: name: Build the dev docker container image and push it to dockerhub runs-on: ubuntu-latest - needs: Build steps: - uses: actions/checkout@v4 - uses: dawidd6/action-download-artifact@v6 @@ -29,3 +28,20 @@ jobs: context: . file: ./docker/dev/Dockerfile tags: ${{ secrets.DOCKERHUB_USERNAME }}/pico-web-dev:latest + + Test-Trivy: + name: Scan development docker container with trivy + runs-on: ubuntu-latest + needs: Create-and-release-dev-container + steps: + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@0.20.0 + with: + image-ref: 'docker.io/${{ secrets.DOCKERHUB_USERNAME }}/pico-web-dev:latest' + format: 'sarif' + output: 'trivy-results.sarif' + + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: 'trivy-results.sarif' |