senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
veza/.github/workflows/trivy-fs.yml
senke ce3b92a0c1 ci: fix duplicate env block in staging-validation workflow 
Merge SSL env vars into existing env block instead of creating a
duplicate (YAML doesn't allow duplicate top-level keys).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-09 14:51:10 +02:00

45 lines
1.3 KiB
YAML
Raw Blame History

name: Trivy Filesystem Scan
on:
pull_request:
branches: [main]
env:
GIT_SSL_NO_VERIFY: "true"
NODE_TLS_REJECT_UNAUTHORIZED: "0"
jobs:
trivy-scan:
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Run Trivy filesystem scan
uses: aquasecurity/trivy-action@master
with:
scan-type: "fs"
scan-ref: "."
severity: "CRITICAL,HIGH"
exit-code: "1"
format: "table"
- name: Run Trivy (SARIF output)
if: always()
uses: aquasecurity/trivy-action@master
with:
scan-type: "fs"
scan-ref: "."
severity: "CRITICAL,HIGH"
exit-code: "0"
format: "sarif"
output: "trivy-results.sarif"
- name: Upload Trivy SARIF
if: always()
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with:
name: trivy-results
path: trivy-results.sarif
retention-days: 30
Reference in a new issue View git blame Copy permalink