@@ -154,7 +154,7 @@ jobs:
154154 with :
155155 sarif_file : ' snyk.sarif'
156156 scan :
157- name : " Trivy (sarif) "
157+ name : " Trivy"
158158 runs-on : ubuntu-latest
159159 needs : build
160160 steps :
@@ -169,40 +169,24 @@ jobs:
169169 docker load --input /tmp/${{ env.ARTIFACT_NAME }}_prod.tar
170170 docker image ls -a
171171
172- name : Run Trivy vulnerability scanner
172+ name : Run Trivy vulnerability scanner (cli report)
173+ uses :
aquasecurity/[email protected] 174+ with :
175+ image-ref : ${{ env.IMAGE_NAME }}:${{ github.sha }}
176+ format : ' table'
177+ env :
178+ TRIVY_DB_REPOSITORY : ${{ vars.TRIVY_DB_REPOSITORY }}
179+
180+ - name : Run Trivy vulnerability scanner (sarif report)
173181 uses :
aquasecurity/[email protected] 174182 with :
175183 image-ref : ${{ env.IMAGE_NAME }}:${{ github.sha }}
176184 format : ' sarif'
177185 output : ' trivy-results.sarif'
186+ env :
187+ TRIVY_DB_REPOSITORY : ${{ vars.TRIVY_DB_REPOSITORY }}
178188
179189 - name : Upload Trivy scan results to GitHub Security tab
180190 uses : github/codeql-action/upload-sarif@v3
181191 with :
182192 sarif_file : ' trivy-results.sarif'
183- env :
184- ACTIONS_RUNTIME_TOKEN : ${{ secrets.GITHUB_TOKEN }}
185-
186- report :
187- name : " Trivy (report)"
188- runs-on : ubuntu-latest
189- needs : build
190- steps :
191- - name : Download artifact
192- uses : actions/download-artifact@v4
193- with :
194- name : ${{ env.ARTIFACT_NAME }}_prod
195- path : /tmp/
196-
197- - name : Load image
198- run : |
199- docker load --input /tmp/${{ env.ARTIFACT_NAME }}_prod.tar
200- docker image ls -a
201-
202- name : Run Trivy vulnerability scanner
203- uses :
aquasecurity/[email protected] 204- with :
205- image-ref : ${{ env.IMAGE_NAME }}:${{ github.sha }}
206- format : ' table'
207- env :
208- ACTIONS_RUNTIME_TOKEN : ${{ secrets.GITHUB_TOKEN }}
0 commit comments