ballerina-module-strict-library/.github/workflows/trivy-scan.yml at main · wso2/ballerina-module-strict-library · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
name: Trivy

on:
  workflow_dispatch:
  schedule:
    - cron: "30 20 * * *"

jobs:
  ubuntu-build:
    name: Build on Ubuntu
    runs-on: ubuntu-22.04
    if: github.repository_owner == 'wso2'
    steps:
      - uses: actions/checkout@v3
      - name: Set up JDK 21
        uses: actions/setup-java@v3
        with:
          distribution: "temurin"
          java-version: 21.0.3

      - name: Build with Gradle
        env:
          packageUser: ${{ github.actor }}
          packagePAT: ${{ secrets.GITHUB_TOKEN }}
        run: ./gradlew build -x test

      - name: Create lib directory if not exists
        run: mkdir -p ballerina/lib

      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        env:
          TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
          TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db
        with:
          scan-type: "rootfs"
          scan-ref: "${{ github.workspace }}/ballerina/lib"
          format: "table"
          timeout: "10m0s"
          exit-code: "1"
          scanners: "vuln"
          cache-dir: "/tmp/trivy-cache"