Scan Docker image with Trivy

jsgiraldoh28 · jsgiraldoh28 · commit a7b64adfa61c · 2025-09-26T11:12:49.000-05:00
diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
@@ -45,6 +45,15 @@ jobs:
     - name: Build Docker image
       run: docker build -f dockerfile/Dockerfile -t my-app-image:${{ github.sha }} dockerfile/
 
+    - name: Scan Docker image with Trivy
+      uses: aquasecurity/trivy-action@v0.28.0
+      with:
+        image-ref: my-app-image:${{ github.sha }}
+        format: table
+        severity: CRITICAL,HIGH
+        exit-code: 1
+        vuln-type: os,library
+
     - name: Run Docker container
       run: |
         # arranca en background y asigna nombre para poder pararlo después
