Create SECURITY.md #78
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Trivy Vulnerability and IaC Scanning | |
| on: | |
| push: | |
| branches: | |
| - main # Triggers the workflow on push events to the main branch. | |
| jobs: | |
| trivy-scan: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out the repository | |
| uses: actions/checkout@v2 | |
| - name: Install Trivy | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y apt-transport-https gnupg lsb-release | |
| curl -fsSL https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add - | |
| echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list | |
| sudo apt-get update | |
| sudo apt-get install trivy | |
| - name: Scan the filesystem in the repository and output results | |
| run: | | |
| trivy fs . > filesystem-scan-report.txt | |
| continue-on-error: true | |
| - name: Upload Filesystem Scan Report | |
| uses: actions/upload-artifact@v2 | |
| if: always() | |
| with: | |
| name: Filesystem-Scan-Report | |
| path: filesystem-scan-report.txt | |
| - name: Scan the Git repository and output results | |
| run: | | |
| trivy repo https://github.com/${{ github.repository }} > git-repo-scan-report.txt | |
| continue-on-error: true | |
| - name: Upload Git Repository Scan Report | |
| uses: actions/upload-artifact@v2 | |
| if: always() | |
| with: | |
| name: Git-Repo-Scan-Report | |
| path: git-repo-scan-report.txt | |
| - name: Scan Infrastructure as Code (IaC) files and output results | |
| run: | | |
| trivy config . > iac-scan-report.txt | |
| continue-on-error: true | |
| - name: Upload IaC Scan Report | |
| uses: actions/upload-artifact@v2 | |
| if: always() | |
| with: | |
| name: IaC-Scan-Report | |
| path: iac-scan-report.txt |