feat(): add trivy

2025-10-06 09:27:19 +02:00
parent 2cf3cb70d2
commit be841ab670
3 changed files with 28 additions and 1 deletions
--- a/.gitea/workflows/main.yaml
+++ b/.gitea/workflows/main.yaml
@@ -17,6 +17,15 @@ jobs:
          go-version: '1.24.x'
      - name: Test with the Go CLI
        run: go test ./...
+      - name: Run Trivy vulnerability scanner 
+        uses: aquasecurity/trivy-action@0.28.0
+        with:
+          scan-type: 'fs'
+          scan-ref: '.'
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          severity: 'CRITICAL,HIGH'
  Build_Image:
    runs-on: ubuntu-latest
    steps:
--- a/.gitea/workflows/pr.yaml
+++ b/.gitea/workflows/pr.yaml
@@ -14,6 +14,15 @@ jobs:
          go-version: '1.24.x'
      - name: Test with the Go CLI
        run: go test ./...
+      - name: Run Trivy vulnerability scanner 
+        uses: aquasecurity/trivy-action@0.28.0
+        with:
+          scan-type: 'fs'
+          scan-ref: '.'
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          severity: 'CRITICAL,HIGH'
  Build_Image:
    runs-on: ubuntu-latest
    steps:
@@ -31,4 +40,4 @@ jobs:
            file: ./Dockerfile
            push: false
            tags: |
-              lerentis/canada-kaktus:latest
+              lerentis/canada-kaktus:latest
--- a/.gitea/workflows/release.yaml
+++ b/.gitea/workflows/release.yaml
@@ -14,6 +14,15 @@ jobs:
          go-version: '1.24.x'
      - name: Test with the Go CLI
        run: go test ./...
+      - name: Run Trivy vulnerability scanner 
+        uses: aquasecurity/trivy-action@0.28.0
+        with:
+          scan-type: 'fs'
+          scan-ref: '.'
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          severity: 'CRITICAL,HIGH'
  Build_Image:
    runs-on: ubuntu-latest
    steps: