@@ -159,7 +159,7 @@ jobs:
159159 with :
160160 sarif_file : ' snyk.sarif'
161161 scan :
162- name : " Trivy (sarif) "
162+ name : " Trivy"
163163 runs-on : ubuntu-latest
164164 needs : build
165165 permissions :
@@ -178,40 +178,24 @@ jobs:
178178 docker load --input /tmp/${{ env.ARTIFACT_NAME }}_prod.tar
179179 docker image ls -a
180180
181- - name : Run Trivy vulnerability scanner
181+ - name : Run Trivy vulnerability scanner (cli report)
182+ uses :
aquasecurity/[email protected] 183+ with :
184+ image-ref : ${{ env.IMAGE_NAME }}:${{ github.sha }}
185+ format : ' table'
186+ env :
187+ TRIVY_DB_REPOSITORY : ${{ vars.TRIVY_DB_REPOSITORY }}
188+
189+ - name : Run Trivy vulnerability scanner (sarif report)
182190 uses :
aquasecurity/[email protected] 183191 with :
184192 image-ref : ${{ env.IMAGE_NAME }}:${{ github.sha }}
185193 format : ' sarif'
186194 output : ' trivy-results.sarif'
195+ env :
196+ TRIVY_DB_REPOSITORY : ${{ vars.TRIVY_DB_REPOSITORY }}
187197
188198 - name : Upload Trivy scan results to GitHub Security tab
189199 uses : github/codeql-action/upload-sarif@v3
190200 with :
191201 sarif_file : ' trivy-results.sarif'
192- env :
193- ACTIONS_RUNTIME_TOKEN : ${{ secrets.GITHUB_TOKEN }}
194-
195- report :
196- name : " Trivy (report)"
197- runs-on : ubuntu-latest
198- needs : build
199- steps :
200- - name : Download artifact
201- uses : actions/download-artifact@v4
202- with :
203- name : ${{ env.ARTIFACT_NAME }}_prod
204- path : /tmp/
205-
206- - name : Load image
207- run : |
208- docker load --input /tmp/${{ env.ARTIFACT_NAME }}_prod.tar
209- docker image ls -a
210-
211- - name : Run Trivy vulnerability scanner
212- uses :
aquasecurity/[email protected] 213- with :
214- image-ref : ${{ env.IMAGE_NAME }}:${{ github.sha }}
215- format : ' table'
216- env :
217- ACTIONS_RUNTIME_TOKEN : ${{ secrets.GITHUB_TOKEN }}
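Review bot: Both new `env:` blocks (new-file lines 186–187 and 195–196) set `TRIVY_DB_REPOSITORY` from `${{ vars.TRIVY_DB_REPOSITORY }}`, which expands to an empty string when that repository/organization variable is not defined, and an empty value is likely to be treated as an explicit (invalid) DB repository rather than falling back to Trivy's default; set it once at job level with a fallback instead of repeating it per step, e.g. `TRIVY_DB_REPOSITORY: ${{ vars.TRIVY_DB_REPOSITORY || '<default-trivy-db-repository>' }}`. The `uses:` reference for `aquasecurity/trivy-action` is not legible on this page; if it is a mutable tag, a scanner step that decides what reaches the Security tab should be pinned to a full commit SHA with a `# vX.Y.Z` comment. Neither scan step sets `exit-code` or `severity`, so findings are reported but never gate the job — that matches the removed `report` job, but a one-line comment such as `# exit-code left at default 0: advisory only, upload-sarif below publishes findings` would make the intent explicit. With `ACTIONS_RUNTIME_TOKEN` dropped, the SARIF upload now depends solely on the job-level `permissions:` block (line 165, outside this hunk) granting `security-events: write`; confirm it does.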