aquasecurity/trivy-action
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy-action.git synced 2026-05-14 03:02:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

Upgrade GitHub actions (#374)

Browse Source 
* Upgrade Github checkout action

* Upgrade Github upload-sarif action

* Upgrade Github checkout action - Pipeline
This commit is contained in:
Oussama Bounaim
2024-10-02 22:41:43 +02:00
committed by GitHub
parent 97646fedde
commit 89b14e517d
3 changed files with 25 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/bump-trivy.yaml
+1 -1
View File
@@ -14,7 +14,7 @@ jobs:
bump: bump:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v4
- name: Update Trivy versions - name: Update Trivy versions
run: | run: |
sed -r -i "s/ghcr.io\/aquasecurity\/trivy:[0-9]+\.[0-9]+\.[0-9]+/ghcr.io\/aquasecurity\/trivy:${{ inputs.trivy_version }}/" Dockerfile sed -r -i "s/ghcr.io\/aquasecurity\/trivy:[0-9]+\.[0-9]+\.[0-9]+/ghcr.io\/aquasecurity\/trivy:${{ inputs.trivy_version }}/" Dockerfile
README.md
+22 -22
View File
@@ -34,7 +34,7 @@ jobs:
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@v2 uses: actions/checkout@v3
- name: Build an image from Dockerfile - name: Build an image from Dockerfile
run: | run: |
docker build -t docker.io/my-organization/my-app:${{ github.sha }} . docker build -t docker.io/my-organization/my-app:${{ github.sha }} .
@@ -64,7 +64,7 @@ jobs:
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@v3 uses: actions/checkout@v4
- name: Run Trivy vulnerability scanner in fs mode - name: Run Trivy vulnerability scanner in fs mode
uses: aquasecurity/trivy-action@0.20.0 uses: aquasecurity/trivy-action@0.20.0
@@ -109,7 +109,7 @@ jobs:
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@v3 uses: actions/checkout@v4
- name: Generate tarball from image - name: Generate tarball from image
run: | run: |
@@ -138,7 +138,7 @@ jobs:
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@v3 uses: actions/checkout@v4
- name: Build an image from Dockerfile - name: Build an image from Dockerfile
run: | run: |
@@ -152,7 +152,7 @@ jobs:
output: 'trivy-results.sarif' output: 'trivy-results.sarif'
- name: Upload Trivy scan results to GitHub Security tab - name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2 uses: github/codeql-action/upload-sarif@v3
with: with:
sarif_file: 'trivy-results.sarif' sarif_file: 'trivy-results.sarif'
``` ```
@@ -173,7 +173,7 @@ jobs:
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@v3 uses: actions/checkout@v4
- name: Build an image from Dockerfile - name: Build an image from Dockerfile
run: | run: |
@@ -187,7 +187,7 @@ jobs:
output: 'trivy-results.sarif' output: 'trivy-results.sarif'
- name: Upload Trivy scan results to GitHub Security tab - name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2 uses: github/codeql-action/upload-sarif@v3
if: always() if: always()
with: with:
sarif_file: 'trivy-results.sarif' sarif_file: 'trivy-results.sarif'
@@ -212,7 +212,7 @@ jobs:
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@v3 uses: actions/checkout@v4
- name: Run Trivy vulnerability scanner in repo mode - name: Run Trivy vulnerability scanner in repo mode
uses: aquasecurity/trivy-action@0.20.0 uses: aquasecurity/trivy-action@0.20.0
@@ -224,7 +224,7 @@ jobs:
severity: 'CRITICAL' severity: 'CRITICAL'
- name: Upload Trivy scan results to GitHub Security tab - name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2 uses: github/codeql-action/upload-sarif@v3
with: with:
sarif_file: 'trivy-results.sarif' sarif_file: 'trivy-results.sarif'
``` ```
@@ -246,7 +246,7 @@ jobs:
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@v3 uses: actions/checkout@v4
- name: Run Trivy vulnerability scanner with rootfs command - name: Run Trivy vulnerability scanner with rootfs command
uses: aquasecurity/trivy-action@0.20.0 uses: aquasecurity/trivy-action@0.20.0
@@ -259,7 +259,7 @@ jobs:
severity: 'CRITICAL' severity: 'CRITICAL'
- name: Upload Trivy scan results to GitHub Security tab - name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2 uses: github/codeql-action/upload-sarif@v3
with: with:
sarif_file: 'trivy-results.sarif' sarif_file: 'trivy-results.sarif'
``` ```
@@ -281,7 +281,7 @@ jobs:
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@v3 uses: actions/checkout@v4
- name: Run Trivy vulnerability scanner in IaC mode - name: Run Trivy vulnerability scanner in IaC mode
uses: aquasecurity/trivy-action@0.20.0 uses: aquasecurity/trivy-action@0.20.0
@@ -295,7 +295,7 @@ jobs:
severity: 'CRITICAL,HIGH' severity: 'CRITICAL,HIGH'
- name: Upload Trivy scan results to GitHub Security tab - name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2 uses: github/codeql-action/upload-sarif@v3
with: with:
sarif_file: 'trivy-results.sarif' sarif_file: 'trivy-results.sarif'
``` ```
@@ -325,7 +325,7 @@ jobs:
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@v3 uses: actions/checkout@v4
- name: Run Trivy in GitHub SBOM mode and submit results to Dependency Graph - name: Run Trivy in GitHub SBOM mode and submit results to Dependency Graph
uses: aquasecurity/trivy-action@0.20.0 uses: aquasecurity/trivy-action@0.20.0
@@ -399,7 +399,7 @@ jobs:
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@v3 uses: actions/checkout@v4
- name: Run Trivy vulnerability scanner - name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.20.0 uses: aquasecurity/trivy-action@0.20.0
@@ -412,7 +412,7 @@ jobs:
TRIVY_PASSWORD: Password TRIVY_PASSWORD: Password
- name: Upload Trivy scan results to GitHub Security tab - name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2 uses: github/codeql-action/upload-sarif@v3
with: with:
sarif_file: 'trivy-results.sarif' sarif_file: 'trivy-results.sarif'
``` ```
@@ -435,7 +435,7 @@ jobs:
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@v3 uses: actions/checkout@v4
- name: Run Trivy vulnerability scanner - name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.20.0 uses: aquasecurity/trivy-action@0.20.0
@@ -449,7 +449,7 @@ jobs:
AWS_DEFAULT_REGION: us-west-2 AWS_DEFAULT_REGION: us-west-2
- name: Upload Trivy scan results to GitHub Security tab - name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2 uses: github/codeql-action/upload-sarif@v3
with: with:
sarif_file: 'trivy-results.sarif' sarif_file: 'trivy-results.sarif'
``` ```
@@ -471,7 +471,7 @@ jobs:
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@v3 uses: actions/checkout@v4
- name: Run Trivy vulnerability scanner - name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.20.0 uses: aquasecurity/trivy-action@0.20.0
@@ -483,7 +483,7 @@ jobs:
GOOGLE_APPLICATION_CREDENTIAL: /path/to/credential.json GOOGLE_APPLICATION_CREDENTIAL: /path/to/credential.json
- name: Upload Trivy scan results to GitHub Security tab - name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2 uses: github/codeql-action/upload-sarif@v3
with: with:
sarif_file: 'trivy-results.sarif' sarif_file: 'trivy-results.sarif'
``` ```
@@ -504,7 +504,7 @@ jobs:
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@v3 uses: actions/checkout@v4
- name: Run Trivy vulnerability scanner - name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.20.0 uses: aquasecurity/trivy-action@0.20.0
@@ -517,7 +517,7 @@ jobs:
TRIVY_PASSWORD: Password TRIVY_PASSWORD: Password
- name: Upload Trivy scan results to GitHub Security tab - name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2 uses: github/codeql-action/upload-sarif@v3
with: with:
sarif_file: 'trivy-results.sarif' sarif_file: 'trivy-results.sarif'
``` ```
workflow.yml
+2 -2
View File
@@ -10,7 +10,7 @@ jobs:
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@v2 uses: actions/checkout@v3
- name: Build an image from Dockerfile - name: Build an image from Dockerfile
run: | run: |
@@ -29,6 +29,6 @@ jobs:
severity: 'CRITICAL,HIGH' severity: 'CRITICAL,HIGH'
- name: Upload Trivy scan results to GitHub Security tab - name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2 uses: github/codeql-action/upload-sarif@v3
with: with:
sarif_file: 'trivy-results.sarif' sarif_file: 'trivy-results.sarif'