e368e32897
* ci: add zizmor security linter for GitHub Actions * ci: disable advanced-security for zizmor * ci: pin all actions to commit hashes * ci: fix zizmor linter errors in workflows - Add explicit permissions blocks to all workflows - Set persist-credentials: false for checkout actions - Fix template injection by using env variables in run blocks * fix: address zizmor template injection warnings in action.yaml - Move inputs to env block to prevent template injection - Add ignore comment for github-env false positive * ci: fix remaining zizmor linter errors - Add permissions and persist-credentials to test.yaml - Fix ignore comment placement for github-env in action.yaml
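# Copies the upstream Trivy checks bundle into the repository owner's GHCR
# namespace. It runs only when started manually (workflow_dispatch).
name: Sync Trivy Checks

on:
  workflow_dispatch:

env:
  # Destination repository path: no registry host and no tag.
  IMAGE_NAME: ${{ github.repository_owner }}/trivy-checks-act
  REGISTRY: ghcr.io

jobs:
  sync-trivy-checks:
    runs-on: ubuntu-latest
    # Declaring permissions at job level sets every scope not listed to none.
    # packages: write is the scope the push to GHCR needs.
    permissions:
      contents: read
      packages: write
    steps:
      # Every third-party action is pinned to a full commit SHA; the trailing
      # comment records the tag that SHA was taken from.
      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
        with:
          # Keep the checkout token from being persisted for later steps.
          persist-credentials: false

      - name: setup-oras
        uses: oras-project/setup-oras@8d34698a59f5ffe24821f0b48ab62a3de8b64b20 # v1.2.3

      - name: Login to GitHub Packages Container registry
        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Copy Trivy Checks
        # REGISTRY and IMAGE_NAME reach the script as environment variables
        # rather than as workflow template expansions, so their values are
        # never interpreted as shell code.
        # The owner part of IMAGE_NAME is lowercased in the script because
        # registry repository names must be lowercase, while an account name
        # may contain capitals.
        # NOTE(review): the source tag ":2" and the destination tag ":latest"
        # are both mutable, so each run republishes whatever upstream serves
        # at that moment. Consumers needing a fixed artifact should reference
        # the pushed digest instead of the tag.
        run: |
          oras cp ghcr.io/aquasecurity/trivy-checks:2 "${REGISTRY}/${IMAGE_NAME,,}:latest"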