diff --git a/.gitea/workflows/main.yaml b/.gitea/workflows/main.yaml
index 899078d..ef3c7b5 100644
--- a/.gitea/workflows/main.yaml
+++ b/.gitea/workflows/main.yaml
@@ -17,6 +17,15 @@ jobs:
 go-version: '1.24.x'
 - name: Test with the Go CLI
 run: go test ./...
+ - name: Run Trivy vulnerability scanner
+ uses: aquasecurity/trivy-action@0.28.0
+ with:
+ scan-type: 'fs'
+ scan-ref: '.'
+ format: 'table'
+ exit-code: '1'
+ ignore-unfixed: true
+ severity: 'CRITICAL,HIGH'
 Build_Image:
 runs-on: ubuntu-latest
 steps:
diff --git a/.gitea/workflows/pr.yaml b/.gitea/workflows/pr.yaml
index 1501876..1e6e06d 100644
--- a/.gitea/workflows/pr.yaml
+++ b/.gitea/workflows/pr.yaml
@@ -14,6 +14,15 @@ jobs:
 go-version: '1.24.x'
 - name: Test with the Go CLI
 run: go test ./...
+ - name: Run Trivy vulnerability scanner
+ uses: aquasecurity/trivy-action@0.28.0
+ with:
+ scan-type: 'fs'
+ scan-ref: '.'
+ format: 'table'
+ exit-code: '1'
+ ignore-unfixed: true
+ severity: 'CRITICAL,HIGH'
 Build_Image:
 runs-on: ubuntu-latest
 steps:
@@ -31,4 +40,4 @@ jobs:
 file: ./Dockerfile
 push: false
 tags: |
- lerentis/canada-kaktus:latest
\ No newline at end of file
+ lerentis/canada-kaktus:latest
diff --git a/.gitea/workflows/release.yaml b/.gitea/workflows/release.yaml
index df96bd9..4922f42 100644
--- a/.gitea/workflows/release.yaml
+++ b/.gitea/workflows/release.yaml
@@ -14,6 +14,15 @@ jobs:
 go-version: '1.24.x'
 - name: Test with the Go CLI
 run: go test ./...
+ - name: Run Trivy vulnerability scanner
+ uses: aquasecurity/trivy-action@0.28.0
+ with:
+ scan-type: 'fs'
+ scan-ref: '.'
+ format: 'table'
+ exit-code: '1'
+ ignore-unfixed: true
+ severity: 'CRITICAL,HIGH'
 Build_Image:
 runs-on: ubuntu-latest
 steps:
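Review bot: `uses: aquasecurity/trivy-action@0.28.0` pins the scanner to a movable git tag, so anyone who can re-point that tag upstream changes what executes in this pipeline while `exit-code: '1'` makes it the gate for the build; pin to the full commit SHA and keep the version as a comment, e.g. `uses: aquasecurity/trivy-action@<40-char-commit-sha> # v0.28.0`, and let a dependency bot bump it. On Gitea this `uses:` reference is presumably resolved against github.com through the runner's default action URL, which is worth confirming since it is an external fetch on every run. The same step is copied verbatim into pr.yaml and release.yaml in this commit, so the pin needs changing in all three places. The job this step is appended to starts above the hunk.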
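Review bot: The `scan-type: 'fs'` scan over `.` only covers what is in the checkout (Go module manifests and, presumably, secrets under Trivy's default scanner set), so the image that the `Build_Image` job below builds from `./Dockerfile` is never scanned and OS-package CVEs in its base layer pass this gate untouched. Add a second Trivy step after the docker build with `scan-type: 'image'` against the tag the build produces; this assumes the build step loads the result into the local daemon (`load: true`), which is outside the hunk and should be confirmed. The test job this step sits in starts above the hunk.
```yaml
    # … unchanged: Build_Image checkout, buildx setup and docker build step …
      - name: Scan built image with Trivy
        uses: aquasecurity/trivy-action@0.28.0
        with:
          scan-type: 'image'
          image-ref: 'lerentis/canada-kaktus:latest'
          format: 'table'
          exit-code: '1'
          ignore-unfixed: true
          severity: 'CRITICAL,HIGH'
```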
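Review bot: `ignore-unfixed: true` silently drops CRITICAL/HIGH findings that have no fixed version yet, and on the release path that policy decision is invisible to the next reader; add a comment above it, `# Drop findings with no upstream fix yet; they still apply, re-check when Go deps are bumped`. Because no `cache-dir` or `skip-db-update` is set here, Trivy presumably pulls a fresh vulnerability DB on each run, so a newly published CVE in a transitive Go module will fail a release that changed nothing — the right fail-closed behaviour, but one that should be handled with a dated `.trivyignore` entry (via the `trivyignores` input) rather than by lowering `exit-code`. Note also that `go test ./...` runs first, so a failing test hides the scan result; if you want the scan reported regardless, give the step `if: always()` (if the runner supports it) or move it ahead of the tests. The job starts above the hunk.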