@@ -157,7 +157,7 @@ jobs:
157157 with :
158158 sarif_file : " snyk.sarif"
159159 scan :
160- name : " Trivy (sarif) "
160+ name : " Trivy"
161161 runs-on : ubuntu-latest
162162 needs : build
163163 permissions :
@@ -176,40 +176,24 @@ jobs:
176176 docker load --input /tmp/${{ env.ARTIFACT_NAME }}_prod.tar
177177 docker image ls -a
178178
179- - name : Run Trivy vulnerability scanner
179+ - name : Run Trivy vulnerability scanner (cli report)
180+ uses :
aquasecurity/[email protected] 181+ with :
182+ image-ref : ${{ env.IMAGE_NAME }}:${{ github.sha }}
183+ format : " table"
184+ env :
185+ TRIVY_DB_REPOSITORY : ${{ vars.TRIVY_DB_REPOSITORY }}
186+
187+ - name : Run Trivy vulnerability scanner (sarif report)
180188 uses :
aquasecurity/[email protected] 181189 with :
182190 image-ref : ${{ env.IMAGE_NAME }}:${{ github.sha }}
183191 format : " sarif"
184192 output : " trivy-results.sarif"
193+ env :
194+ TRIVY_DB_REPOSITORY : ${{ vars.TRIVY_DB_REPOSITORY }}
185195
186196 - name : Upload Trivy scan results to GitHub Security tab
187197 uses : github/codeql-action/upload-sarif@v3
188198 with :
189199 sarif_file : " trivy-results.sarif"
190- env :
191- ACTIONS_RUNTIME_TOKEN : ${{ secrets.GITHUB_TOKEN }}
192-
193- report :
194- name : " Trivy (report)"
195- runs-on : ubuntu-latest
196- needs : build
197- steps :
198- - name : Download artifact
199- uses : actions/download-artifact@v4
200- with :
201- name : ${{ env.ARTIFACT_NAME }}_prod
202- path : /tmp/
203-
204- - name : Load image
205- run : |
206- docker load --input /tmp/${{ env.ARTIFACT_NAME }}_prod.tar
207- docker image ls -a
208-
209- - name : Run Trivy vulnerability scanner
210- uses :
aquasecurity/[email protected] 211- with :
212- image-ref : ${{ env.IMAGE_NAME }}:${{ github.sha }}
213- format : " table"
214- env :
215- ACTIONS_RUNTIME_TOKEN : ${{ secrets.GITHUB_TOKEN }}
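Review bot: The `TRIVY_DB_REPOSITORY: ${{ vars.TRIVY_DB_REPOSITORY }}` added at new lines 185 and 194 has no fallback, so on a fork or a repository where that variable is not configured the step exports an empty string; whether Trivy then falls back to its default DB location or fails to fetch the database is not visible here and is worth confirming, otherwise guard it with `TRIVY_DB_REPOSITORY: ${{ vars.TRIVY_DB_REPOSITORY || '<default-db-repository>' }}`. Since the variable now decides which vulnerability database both scans run against, a stale or empty mirror would make the scan pass vacuously, and a short comment above the first `env:` such as `# DB mirror is chosen by a repository variable; a stale mirror makes this scan pass vacuously` would record that dependency for maintainers. The identical two-line `env:` block is repeated on both Trivy steps; it could instead be declared once at the `scan` job level, next to `runs-on`, which sits in the earlier hunk outside this one.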