Merge pull request #5387 from cisagov/cis-graph-dark-mode #2559

	name: Trivy Scanner

	on:
	pull_request:
	push:
	branches:
	- develop
	schedule:
	- cron: "0 21 * * 0"

	permissions:
	contents: read
	security-events: write

	jobs:
	dotnet:
	name: .NET Analysis
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@v6

	- uses: actions/setup-dotnet@v5
	with:
	dotnet-version: "8.0.x"

	- name: dotnet backend
	run: dotnet build CSETWebApi/CSETWeb_Api/CSETWeb_Api.sln

	- name: Run vulnerability scanner
	uses: aquasecurity/trivy-action@0.34.0
	with:
	format: sarif
	output: trivy-dotnet-results.sarif
	scan-type: fs
	scan-ref: ./CSETWebApi
	scanners: vuln
	severity: CRITICAL,HIGH


	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@v4
	with:
	sarif_file: 'trivy-dotnet-results.sarif'

	nodejs:
	name: Node.js Analysis
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@v6

	- name: Run vulnerability scanner
	uses: aquasecurity/trivy-action@0.34.0
	with:
	format: sarif
	output: trivy-nodejs-results.sarif
	scan-type: fs
	scan-ref: ./CSETWebNg
	severity: CRITICAL,HIGH

	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@v4
	with:
	sarif_file: 'trivy-nodejs-results.sarif'

Provide feedback