senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
veza/.github/workflows/trivy-fs.yml
senke fcdf7cc386 ci: simplify workflows for Forgejo self-hosted runner 
- Rewrite ci.yml: replace TMT with direct go test/lint/build commands,
  remove E2E jobs (need docker compose infra, run locally instead)
- Replace third-party actions with CLI equivalents:
  gitleaks-action → gitleaks CLI, trivy-action → trivy CLI,
  actions-rust-lang/audit → cargo audit, CodeQL → disabled
- Disable 18 non-essential workflows (cloud services, DinD, staging):
  chromatic, cd, container-scan, zap-dast, visual-regression,
  mutation-testing, performance, load-test, etc.
- Keep 8 core workflows: ci, backend-ci, frontend-ci, rust-ci,
  stream-ci, security-scan, trivy-fs, go-fuzz

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-09 20:08:37 +02:00

24 lines
649 B
YAML
Raw Blame History

name: Trivy Filesystem Scan
on:
pull_request:
branches: [main]
workflow_dispatch:
env:
GIT_SSL_NO_VERIFY: "true"
jobs:
trivy-scan:
name: Trivy FS Scan
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Install Trivy
run: |
wget -qO- https://github.com/aquasecurity/trivy/releases/download/v0.58.1/trivy_0.58.1_Linux-64bit.tar.gz | tar xz
chmod +x trivy
- name: Scan filesystem
run: ./trivy fs --severity HIGH,CRITICAL --exit-code 1 .
Reference in a new issue View git blame Copy permalink