Security Scan #244

	name: Security Scan

	on:
	workflow_dispatch:
	schedule:
	- cron: '16 23 * * *'

	jobs:
	scan:
	runs-on: ubuntu-latest
	steps:
	- name: Login to Docker Registry
	uses: docker/login-action@v3
	with:
	registry: ${{ vars.DOCKER_REGISTRY }}
	username: ${{ secrets.DOCKER_USERNAME }}
	password: ${{ secrets.DOCKER_PASSWORD }}
	logout: true

	- name: Pull Image
	run: docker pull "${{ vars.IMAGE }}:latest"

	- name: Run trivy
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: "${{ vars.IMAGE }}:latest"
	format: "table"
	exit-code: "1"
	ignore-unfixed: true
	severity: "LOW,MEDIUM,HIGH,CRITICAL"
	env:
	TRIVY_DB_REPOSITORY: aquasec/trivy-db:2
	TRIVY_JAVA_DB_REPOSITORY: aquasec/trivy-java-db:1

	- name: Try to start build workflow if trivy failed
	if: ${{ failure() }}
	run: \|
	curl -X POST -u ${{ secrets.PAT }} -H "Accept: application/vnd.github.v3+json" -d '{"ref":"refs/heads/main"}' https://api.github.com/repos/${GITHUB_REPOSITORY}/actions/workflows/ci.yml/dispatches

Provide feedback