mirror of
				https://github.com/dani-garcia/vaultwarden.git
				synced 2025-10-26 16:00:02 +02:00 
			
		
		
		
	ci: add trivy workflow (#3997)
* ci: add trivy workflow to ensure critical and high vulnerabilties are detected quickly * push trivy-action to 0.13.1
This commit is contained in:
		
							
								
								
									
										43
									
								
								.github/workflows/trivy.yml
									
									
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
										43
									
								
								.github/workflows/trivy.yml
									
									
									
									
										vendored
									
									
										Normal file
									
								
							| @@ -0,0 +1,43 @@ | ||||
| name: trivy | ||||
|  | ||||
| on: | ||||
|   push: | ||||
|     branches: | ||||
|       - main | ||||
|       - release-build-revision | ||||
|     tags: | ||||
|       - '*' | ||||
|   pull_request: | ||||
|     branches: [ "main" ] | ||||
|   schedule: | ||||
|     - cron: '00 12 * * *' | ||||
|  | ||||
| permissions: | ||||
|   contents: read | ||||
|  | ||||
| jobs: | ||||
|   trivy-scan: | ||||
|     name: Check | ||||
|     runs-on: ubuntu-22.04 | ||||
|     timeout-minutes: 30 | ||||
|     permissions: | ||||
|       contents: read | ||||
|       security-events: write | ||||
|       actions: read | ||||
|     steps: | ||||
|       - name: Checkout code | ||||
|         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1 | ||||
|  | ||||
|       - name: Run Trivy vulnerability scanner | ||||
|         uses: aquasecurity/trivy-action@f78e9ecf42a1271402d4f484518b9313235990e1 # v0.13.1 | ||||
|         with: | ||||
|           scan-type: repo | ||||
|           ignore-unfixed: true | ||||
|           format: sarif | ||||
|           output: trivy-results.sarif | ||||
|           severity: CRITICAL,HIGH | ||||
|  | ||||
|       - name: Upload Trivy scan results to GitHub Security tab | ||||
|         uses: github/codeql-action/upload-sarif@bad341350a2f5616f9e048e51360cedc49181ce8 # v2.22.4 | ||||
|         with: | ||||
|           sarif_file: 'trivy-results.sarif' | ||||
		Reference in New Issue
	
	Block a user