fix(spdmlib/session): clear backup flags and transcript hashes on reset #9
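# Trivy scanning workflow: one job scans the working tree for vulnerable
# dependencies, the other scans configuration / IaC files. Both write SARIF
# and upload it to GitHub code scanning.
#
# Third-party actions are pinned to full commit SHAs; the trailing comment
# records the release tag each SHA is meant to correspond to. When bumping a
# version, update the SHA and the comment together.
name: Trivy Security Scan

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  schedule:
    # Run weekly to catch newly disclosed vulnerabilities
    - cron: "0 6 * * 1"

# Workflow-wide default is read-only; each job re-declares what it needs.
permissions:
  contents: read

jobs:
  vulnerability-scan:
    name: Vulnerability Scan (fs)
    runs-on: ubuntu-latest
    permissions:
      contents: read
      # Required by the upload-sarif step below.
      security-events: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          submodules: recursive
          # Drop the job token once the checkout (including submodules) is
          # done. The following steps run a script from the tree and a
          # third-party action under a token that carries
          # security-events: write. Nothing after this step is expected to
          # need authenticated git access (confirm for pre-build.sh).
          persist-credentials: false

      # Runs a script taken from the checked-out tree, so on pull_request
      # runs the script content comes from the change under review.
      - name: Apply patch
        shell: bash
        run: ./sh_script/pre-build.sh

      # NOTE(review): exit-code is not set, so with the action's default the
      # step records findings in the SARIF file without failing the job.
      # The scan reports; it does not gate merges.
      - name: Run Trivy filesystem scan
        uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0
        with:
          scan-type: fs
          scan-ref: .
          format: sarif
          output: trivy-fs-results.sarif
          # Only CRITICAL and HIGH findings are reported by this job.
          severity: CRITICAL,HIGH
          # Skip test key material
          # (this directory is excluded from the scan entirely, so keep
          # non-test material out of it)
          skip-dirs: test_key

      # always() keeps the upload running even when an earlier step failed,
      # so partial results still reach code scanning.
      - name: Upload Trivy SARIF to GitHub Security
        uses: github/codeql-action/upload-sarif@f443b600d91635bebf5b0d9ebc620189c0d6fba5 # v4.30.8
        if: always()
        with:
          sarif_file: trivy-fs-results.sarif
          # Distinct category keeps these results separate from config-scan.
          category: trivy-fs

  config-scan:
    name: Config & IaC Scan
    runs-on: ubuntu-latest
    permissions:
      contents: read
      # Required by the upload-sarif step below.
      security-events: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          submodules: recursive
          # No later step in this job performs git operations, so the token
          # does not need to stay available after the checkout.
          persist-credentials: false

      # NOTE(review): as in the fs job, exit-code is not set, so findings
      # are reported without failing the job.
      - name: Run Trivy config scan
        uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0
        with:
          scan-type: config
          scan-ref: .
          format: sarif
          output: trivy-config-results.sarif
          # MEDIUM is included here, unlike the fs scan.
          severity: CRITICAL,HIGH,MEDIUM
          # Skip test key material
          skip-dirs: test_key

      # always() keeps the upload running even when an earlier step failed.
      - name: Upload Trivy config SARIF to GitHub Security
        uses: github/codeql-action/upload-sarif@f443b600d91635bebf5b0d9ebc620189c0d6fba5 # v4.30.8
        if: always()
        with:
          sarif_file: trivy-config-results.sarif
          category: trivy-config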