ci: scan a docker image by triby

yutaro-sakamoto · Dec 7, 2024 · 6241336 · 6241336
1 parent 7d14851
commit 6241336
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/.github/workflows/server-app.yml b/.github/workflows/server-app.yml
@@ -34,3 +34,13 @@ jobs:
       #- name: Run tests
       #  if: ${{ github.event.inputs.run_tests }}
       #  run: ./gradlew test
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@0.24.0
+        with:
+          image-ref: cobol4j-aws-web:latest
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'