tofu-modules-aws-cloudfront-redirect/.github/workflows/trivy.yaml at 477c88584e5402d03708e03b9d2118d745740fda · codeforamerica/tofu-modules-aws-cloudfront-redirect · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
name: Trivy Analysis

on:
  push:
  pull_request:
    branches:
      - main

permissions:
  contents: read
  security-events: write

jobs:
  trivy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout source code
        uses: actions/checkout@v6
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@0.33.1
        with:
          format: sarif
          output: trivy-results.sarif
          scan-type: config
          trivy-config: trivy.yaml
      - name: Parse SARIF file for annotations
        if: always()
        uses: jontyms/sarif-annotations@v0.0.3
        with:
          annotation-level: notice
          sarif-file: trivy-results.sarif
      - name: Upload SARIF result
        if: always()
        uses: github/codeql-action/upload-sarif@v4
        with:
          sarif_file: trivy-results.sarif