1 changed files with 34 additions and 0 deletions
@ -0,0 +1,34 @@ |
|||||
|
name: Automated Security Gates |
||||
|
|
||||
|
on: |
||||
|
push: |
||||
|
branches: [ main, master ] |
||||
|
pull_request: |
||||
|
branches: [ main, master ] |
||||
|
|
||||
|
jobs: |
||||
|
build-and-scan: |
||||
|
runs-on: ubuntu-latest |
||||
|
steps: |
||||
|
- name: Checkout Code |
||||
|
uses: actions/checkout@v4 |
||||
|
|
||||
|
- name: Automated Vulnerability Scan (Trivy) |
||||
|
uses: aquasecurity/trivy-action@0.33.1 |
||||
|
with: |
||||
|
scan-type: 'fs' |
||||
|
ignore-unfixed: true |
||||
|
format: 'sarif' |
||||
|
output: 'trivy-results.sarif' |
||||
|
exit-code: '1' |
||||
|
|
||||
|
- name: Upload SARIF results to GitHub Code Scanning |
||||
|
uses: github/code-scanning-action/upload-sarif@v2 |
||||
|
with: |
||||
|
sarif_file: 'trivy-results.sarif' |
||||
|
|
||||
|
- name: Upload Trivy SARIF artifact |
||||
|
uses: actions/upload-artifact@v4 |
||||
|
with: |
||||
|
name: trivy-sarif |
||||
|
path: trivy-results.sarif |
||||
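Review bot: Both upload steps are skipped exactly when the scan finds something, because `exit-code: '1'` fails the Trivy step and neither "Upload SARIF results to GitHub Code Scanning" nor "Upload Trivy SARIF artifact" carries an `if:` condition; adding `if: always()` to both lets the findings still reach code scanning and the artifact store on a failed gate. The SARIF step also references `github/code-scanning-action/upload-sarif@v2`, which does not look like a published action (GitHub's uploader is `github/codeql-action/upload-sarif`), so that step would likely fail to resolve. The job declares no `permissions:` block, while the SARIF upload needs `security-events: write`; declaring it together with `contents: read` keeps the workflow token least-privileged. Pinning the third-party `aquasecurity/trivy-action` reference to a full commit SHA instead of a tag would protect the gate itself against a retagged release.

```yaml
  build-and-scan:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write
    steps:
      # … unchanged: Checkout Code, Automated Vulnerability Scan (Trivy) …
      - name: Upload SARIF results to GitHub Code Scanning
        if: always()
        uses: github/codeql-action/upload-sarif@v3
        # … unchanged: with / sarif_file …
      - name: Upload Trivy SARIF artifact
        if: always()
        # … unchanged: uses, with …
```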