From 624133636c01ada572d50a9f0a151705ee92c73c Mon Sep 17 00:00:00 2001
From: Yutaro Sakamoto
Date: Sat, 7 Dec 2024 18:49:30 +0900
Subject: [PATCH] ci: scan a docker image by triby
---
 .github/workflows/server-app.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/.github/workflows/server-app.yml b/.github/workflows/server-app.yml
index d53d584..41b9df7 100644
--- a/.github/workflows/server-app.yml
+++ b/.github/workflows/server-app.yml
@@ -34,3 +34,13 @@ jobs:
 #- name: Run tests
 # if: ${{ github.event.inputs.run_tests }}
 # run: ./gradlew test
+
+ - name: Run Trivy vulnerability scanner
+ uses: aquasecurity/trivy-action@0.24.0
+ with:
+ image-ref: cobol4j-aws-web:latest
+ format: 'table'
+ exit-code: '1'
+ ignore-unfixed: true
+ vuln-type: 'os,library'
+ severity: 'CRITICAL,HIGH'
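Review bot: The added step references a third-party action by tag, `uses: aquasecurity/trivy-action@0.24.0`, and a tag can be moved by whoever controls that repository, so the code that runs in this job (with the job's token and any secrets) is not fixed by this line; pin it to the full commit SHA with the version as a trailing comment, `uses: aquasecurity/trivy-action@<FULL_COMMIT_SHA_PLACEHOLDER>  # 0.24.0`. `image-ref: cobol4j-aws-web:latest` scans a mutable tag, so the gate is only meaningful if an earlier step of this job built exactly that image on the runner; the steps list starts outside the hunk, so that cannot be confirmed here, and a tag derived from `${{ github.sha }}` or the image digest would tie the scan to the artifact actually shipped. `ignore-unfixed: true` makes the job pass on CRITICAL/HIGH findings that have no patch yet, which deserves a comment such as `# unfixed findings are excluded from the gate; review them separately`. With `format: 'table'` the results exist only in the job log, so consider whether a persisted report is wanted for triage.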