refactor: Update Trivy vulnerability scanner workflow to use JSON for…

…mat for reports and include separate reports for file system and configuration scans
Azure · Sep 11, 2024 · 58fc715 · 58fc715
1 parent 93aea2c
commit 58fc715
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -26,19 +26,19 @@ jobs:
           scan-type: 'fs'
           ignore-unfixed: true
           scan-ref: .
-          format: 'table'
+          format: 'json'
+          scanners: 'vuln,secret,config'
           output: report-fs.sarif
-          severity: 'HIGH,CRITICAL'
 
       - name: Run Trivy vulnerability scanner (config)
         uses: aquasecurity/trivy-action@0.24.0
         with:
           scan-type: 'config'
           ignore-unfixed: true
           scan-ref: .
-          format: 'table'
+          format: 'json'
+          scanners: 'vuln,secret,config'
           output: report-config.sarif
-          severity: 'HIGH,CRITICAL'
 
       # - name: Upload Trivy report (fs) GitHub Security
       #   uses: github/codeql-action/upload-sarif@v3