From 55a0144e4fb32aeab76385a159ded60e133cb3dc Mon Sep 17 00:00:00 2001
From: Neil Hanlon
Date: Tue, 29 Mar 2022 09:31:34 -0400
Subject: [PATCH] Modify scanning (#13)

Scan the non-library image which is more up to date
Upload files to a github pages branch for public viewing
---
 .github/workflows/scan.yml | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
index 2041cd0..5045df5 100644
--- a/.github/workflows/scan.yml
+++ b/.github/workflows/scan.yml
@@ -18,7 +18,7 @@ jobs:
 - name: Run Trivy vulnerability scanner
 uses: aquasecurity/trivy-action@master
 with:
- image-ref: 'docker.io/library/rockylinux:8'
+ image-ref: 'docker.io/rockylinux/rockylinux:8'
 format: 'sarif'
 output: 'trivy-results.sarif'
 exit-code: '1'
@@ -31,22 +31,26 @@ jobs:
 if: always()
 with:
 sarif_file: 'trivy-results.sarif'
+
+ - name: Create public folder
+ run: |
+ mkdir -p public/
 - name: Run Trivy vulnerability scanner
 uses: aquasecurity/trivy-action@master
 if: always()
 with:
- image-ref: 'docker.io/library/rockylinux:8'
- format: 'table'
- output: 'trivy-results'
+ image-ref: 'docker.io/rockylinux/rockylinux:8'
+ template: '@contrib/html.tpl'
+ output: 'public/index.html'
 exit-code: '1'
 ignore-unfixed: true
 vuln-type: 'os,library'
 severity: 'CRITICAL,HIGH,MEDIUM'
- - name: Save scan results as an artifact
- uses: actions/upload-artifact@v3
- if: always()
+ - name: Save scan results to github pages
+ uses: peaceiris/actions-gh-pages@v3
+ if: ${{ github.ref == 'refs/heads/main' }}
 with:
- name: 'trivy-results'
- path: 'trivy-results'
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ publish_dir: ./public
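Review bot: The new "Save scan results to github pages" step in the second hunk drops the `if: always()` that the replaced upload-artifact step had, and the preceding Trivy step keeps `exit-code: '1'`, so whenever the scan finds a CRITICAL/HIGH/MEDIUM finding the job fails before this step runs and the report is never published; the condition should be `if: ${{ always() && github.ref == 'refs/heads/main' }}`. The same hunk removes `format: 'table'` without adding `format: 'template'`, and as far as I recall trivy-action only passes `template` through when the format is `template`, so `public/index.html` would likely hold the default table text rather than HTML (the upstream examples also spell the path `@/contrib/html.tpl`, which is worth confirming). `peaceiris/actions-gh-pages@v3` is a third-party action handed `secrets.GITHUB_TOKEN` with push rights to the pages branch; pin it to a full commit SHA (`uses: peaceiris/actions-gh-pages@<commit-sha>  # v3`) rather than a mutable tag. The job's `permissions:` block, if any, is outside the hunk, so I cannot tell whether the token has the `contents: write` scope this step needs. The enclosing `jobs:` block starts before the first hunk.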