name: Trivy vulnerability scanner on: push: branches: - master pull_request: jobs: build: name: Build runs-on: ubuntu-latest steps: - name: Set up Go 1.x uses: actions/setup-go@v5 with: go-version: 1.22.4 id: go - name: Checkout code uses: actions/checkout@v4 - name: Build an image from Dockerfile run: | export PUBLISH=true export REGISTRY=test export IMAGE_VERSION=latest export DOCKER_CLI_EXPERIMENTAL=enabled make container - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: image-ref: 'test/azurefile-csi:latest' format: 'table' exit-code: '1' ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN'