From be841ab6702a181b5321e7675850fbfa31646445 Mon Sep 17 00:00:00 2001
From: Tobias Trabelsi
Date: Mon, 6 Oct 2025 09:27:19 +0200
Subject: [PATCH] feat(): add trivy
---
 .gitea/workflows/main.yaml | 9 +++++++++
 .gitea/workflows/pr.yaml | 11 ++++++++++-
 .gitea/workflows/release.yaml | 9 +++++++++
 3 files changed, 28 insertions(+), 1 deletion(-)
diff --git a/.gitea/workflows/main.yaml b/.gitea/workflows/main.yaml
index 899078d..ef3c7b5 100644
--- a/.gitea/workflows/main.yaml
+++ b/.gitea/workflows/main.yaml
@@ -17,6 +17,15 @@ jobs:
 go-version: '1.24.x'
 - name: Test with the Go CLI
 run: go test ./...
+ - name: Run Trivy vulnerability scanner
+ uses: aquasecurity/trivy-action@0.28.0
+ with:
+ scan-type: 'fs'
+ scan-ref: '.'
+ format: 'table'
+ exit-code: '1'
+ ignore-unfixed: true
+ severity: 'CRITICAL,HIGH'
 Build_Image:
 runs-on: ubuntu-latest
 steps:
diff --git a/.gitea/workflows/pr.yaml b/.gitea/workflows/pr.yaml
index 1501876..1e6e06d 100644
--- a/.gitea/workflows/pr.yaml
+++ b/.gitea/workflows/pr.yaml
@@ -14,6 +14,15 @@ jobs:
 go-version: '1.24.x'
 - name: Test with the Go CLI
 run: go test ./...
+ - name: Run Trivy vulnerability scanner
+ uses: aquasecurity/trivy-action@0.28.0
+ with:
+ scan-type: 'fs'
+ scan-ref: '.'
+ format: 'table'
+ exit-code: '1'
+ ignore-unfixed: true
+ severity: 'CRITICAL,HIGH'
 Build_Image:
 runs-on: ubuntu-latest
 steps:
@@ -31,4 +40,4 @@ jobs:
 file: ./Dockerfile
 push: false
 tags: |
- lerentis/canada-kaktus:latest
\ No newline at end of file
+ lerentis/canada-kaktus:latest
diff --git a/.gitea/workflows/release.yaml b/.gitea/workflows/release.yaml
index df96bd9..4922f42 100644
--- a/.gitea/workflows/release.yaml
+++ b/.gitea/workflows/release.yaml
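Review bot: `uses: aquasecurity/trivy-action@0.28.0` in the main.yaml hunk references a mutable tag, so the scanner this new gate relies on can be changed by whoever controls that tag without any change in this repository; for a control that is meant to fail the build it should be pinned to the full commit SHA of that release, e.g. `uses: aquasecurity/trivy-action@<40-character commit sha> # v0.28.0`, with the version kept in the trailing comment so a dependency bot can still bump it. The same reference is added to pr.yaml and release.yaml in this commit and should be pinned in all three places. The job that receives this step starts above the hunk, so its id and any `needs:` relation to `Build_Image` are not visible here.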
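Review bot: In the pr.yaml hunk `scan-type: 'fs'` with `scan-ref: '.'` only scans the checked-out tree, so the container image that `Build_Image` produces from `file: ./Dockerfile` (second hunk of this file) is never scanned — base-image OS packages and anything installed in the Dockerfile are outside this gate. A second Trivy step in `Build_Image` after the build, using `scan-type: 'image'` against the tag the build step sets, closes that gap; since the build runs with `push: false`, the image must be available to the local daemon for the scanner to see it, which presumably means adding `load: true` to the build step if it is docker/build-push-action (confirm against the step, which starts outside the hunk). Note that `ignore-unfixed: true` applies to that scan as well, so CRITICAL/HIGH findings with no upstream fix will not fail either check.
```yaml
      # … unchanged: checkout and build step (add `load: true` there so the tag exists locally) …
      - name: Scan built image with Trivy
        uses: aquasecurity/trivy-action@0.28.0
        with:
          scan-type: 'image'
          image-ref: 'lerentis/canada-kaktus:latest'
          format: 'table'
          exit-code: '1'
          ignore-unfixed: true
          severity: 'CRITICAL,HIGH'
```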
@@ -14,6 +14,15 @@ jobs:
 go-version: '1.24.x'
 - name: Test with the Go CLI
 run: go test ./...
+ - name: Run Trivy vulnerability scanner
+ uses: aquasecurity/trivy-action@0.28.0
+ with:
+ scan-type: 'fs'
+ scan-ref: '.'
+ format: 'table'
+ exit-code: '1'
+ ignore-unfixed: true
+ severity: 'CRITICAL,HIGH'
 Build_Image:
 runs-on: ubuntu-latest
 steps:
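Review bot: `exit-code: '1'` makes the Trivy step fail its own job, but in the release.yaml context below it `Build_Image:` is followed directly by `runs-on: ubuntu-latest` and `steps:` with no `needs:` visible, so unless `Build_Image` declares `needs:` somewhere outside the hunk the release image is built (and presumably pushed, since this is the release workflow) in parallel regardless of the scan result — the gate does not actually gate the release. Adding `needs: [<id of the job that runs go test and Trivy>]` to `Build_Image` makes the dependency explicit; that job's id is above the hunk and not visible here. Separately, `ignore-unfixed: true` means CRITICAL/HIGH findings that have no upstream fix pass silently on a release build, which deserves a comment on that line such as `ignore-unfixed: true  # findings with no upstream fix do not fail the release; review Trivy output for them`.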