8000 GitHub - aquasecurity/trivy-action at 0.0.8
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

aquasecurity/trivy-action

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace
BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits
docs/images
docs/images
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
action.yaml
action.yaml
 
 

Repository files navigation

Trivy Action

GitHub Action for Trivy

GitHub Release GitHub Marketplace License

Table of Contents

Usage

Workflow

name: build
on:
  push:
    branches:
      - master
  pull_request:
jobs:
  build:
    name: Build
    runs-on: ubuntu-18.04
    steps:
      - name: Setup Go
        uses: actions/setup-go@v1
        with:
          go-version: 1.14
      - name: Checkout code
        uses: actions/checkout@v2
      - name: Build an image from Dockerfile
        run: |
          docker build -t docker.io/my-organization/my-app:${{ github.sha }} .
      - name: Run vulnerability scanner
        uses: aquasecurity/trivy-action@0.0.7
        with:
          image-ref: 'docker.io/my-organization/my-app:${{ github.sha }}'
          format: 'table'
          exit-code: '1'
          ignore-unfixed: true
          severity: 'CRITICAL,HIGH'

Using Trivy with GitHub Code Scanning

If you have GitHub code scanning available you can use Trivy as a scanning tool as follows:

name: build
on:
  push:
    branches:
      - master
  pull_request:
jobs:
  build:
    name: Build
    runs-on: ubuntu-18.04
    steps:
      - name: Setup Go
        uses: actions/setup-go@v1
        with:
          go-version: 1.14
      - name: Checkout code
        uses: actions/checkout@v2
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v1
      - name: Build an image from Dockerfile
        run: |
          docker build -t docker.io/my-organization/my-app:${{ github.sha }} .
      - name: Run vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: 'docker.io/my-organization/my-app:${{ github.sha }}'
          format: 'template'
          template: '@/contrib/sarif.tpl'
          output: 'trivy-results.sarif'
      - name: Upload Trivy scan results to Security tab
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: 'trivy-results.sarif'

You can find a more in-depth example here: https://github.com/aquasecurity/trivy-sarif-demo

Customizing

inputs

Following inputs can be used as step.with keys:

Name Type Default Description
image-ref String Image reference, e.g. alpine:3.10.2
format String table Output format (table, json, template)
template String Output template (@/contrib/sarif.tpl, @/contrib/gitlab.tpl, @/contrib/junit.tpl)
output String Save results to a file
exit-code String 0 Exit code when vulnerabilities were found
ignore-unfixed Boolean false Ignore unpatched/unfixed vulnerabilities
severity String UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL Severities of vulnerabilities to be displayed

About

Runs Trivy as GitHub action to scan your Docker container image for vulnerabilities

Topics

security tools scanner vulnerability scanning devsecops github-actions

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct
Activity
Custom properties

Stars

967 stars

Watchers

13 watching

Forks

259 forks
Report repository

Releases 68

v0.30.0 Latest
Mar 14, 2025
+ 67 releases

Used by 26.5k

  • @azumag
  • @bcgov
  • @Onyx-Go
  • @Louranicas
  • @seenibu
  • @Pasch0
  • @Moonlet
  • @xyd945
+ 26,480

Contributors 74

+ 60 contributors

Languages
0