pixie/.github/workflows/trivy_fs.yaml at 63518954ef020d7ccc55c9d1261aebb05aba04da · pixie-io/pixie · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
---
name: trivy-fs
on:
  push:
    branches:
    - main
  pull_request:
    branches:
    - main
  schedule:
  - cron: "50 22 * * *"
concurrency:
  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.event.pull_request.number || github.run_id }}
  cancel-in-progress: true
permissions:
  contents: read
jobs:
  code-scan:
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write
    steps:
    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
    - uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1  # v0.35.0
      with:
        scan-type: 'fs'
        ignore-unfixed: true
        format: 'sarif'
        output: 'trivy-results.sarif'
    - run: |
        jq '.runs[].tool.driver.name = "trivy-fs"' < trivy-results.sarif > tmp
        mv tmp trivy-results.sarif
    - uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841  # v3.28.13
      with:
        sarif_file: 'trivy-results.sarif'
        category: trivy-fs