migrate to the another docker scanning action (#66)

2024-08-30 18:22:40 +00:00 · 2022-02-21 16:48:35 +05:00 · 2022-02-21 16:48:35 +05:00 · 8a14836bd1
commit 8a14836bd1
parent ae2bf27463
2 changed files with 11 additions and 11 deletions
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@ -182,21 +182,24 @@ jobs: # Docs: <https://git.io/JvxXE>
    runs-on: ubuntu-20.04
    needs: [docker-image]
    steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v2 # is needed for `upload-sarif` action

      - uses: actions/download-artifact@v2
        with:
          name: docker-image
          path: .artifact

-      - working-directory: .artifact
-        run: docker load < docker-image.tar
-
-      - uses: anchore/scan-action@v3 # action page: <https://github.com/anchore/scan-action>
+      - uses: aquasecurity/trivy-action@0.2.2 # action page: <https://github.com/aquasecurity/trivy-action>
        with:
-          image: app:ci
-          fail-build: true
-          severity-cutoff: low # negligible, low, medium, high or critical
+          input: .artifact/docker-image.tar
+          format: sarif
+          severity: MEDIUM,HIGH,CRITICAL
+          exit-code: 1
+          output: trivy-results.sarif
+
+      - uses: github/codeql-action/upload-sarif@v1
+        if: always()
+        with: {sarif_file: trivy-results.sarif}

  poke-docker-image:
    name: Run the docker image
--- a/.grype.yaml
+++ b/.grype.yaml
@ -1,3 +0,0 @@
-ignore:
-  # temporary ignore this CVE as false positive on the Go package
-  - vulnerability: CVE-2015-5237