File tree Expand file tree Collapse file tree 2 files changed +73
-0
lines changed Expand file tree Collapse file tree 2 files changed +73
-0
lines changed Original file line number Diff line number Diff line change 1+ name : CI_pull
2+
3+ on :
4+ pull_request :
5+ branches : [master]
6+
7+ env :
8+ CARGO_TERM_COLOR : always
9+
10+ jobs :
11+ Vulnerability-test :
12+ runs-on : ubuntu-latest
13+ steps :
14+ - name : Checkout code
15+ uses : actions/checkout@v2
16+
17+ - name : Run Trivy vulnerability scanner in repo mode
18+ uses : aquasecurity/trivy-action@master
19+ with :
20+ scan-type : " fs"
21+ ignore-unfixed : true
22+ format : " table"
23+ output : " Trivy-table"
24+ severity : " LOW,MEDIUM,HIGH,CRITICAL"
25+ exit-code : " 1"
26+
27+ - if : failure()
28+ uses : actions/github-script@v5
29+ with :
30+ script : |
31+ var data = require('fs').readFileSync("Trivy-table").toString();
32+ Trivyresult=""
33+ Trivyresult=Trivyresult.concat("```",data,"```");
34+ github.rest.issues.createComment({
35+ issue_number: context.issue.number,
36+ owner: context.repo.owner,
37+ repo: context.repo.repo,
38+ body: `
39+ # Vulnerability Found!
40+ ${Trivyresult}
41+ `
42+ })
Original file line number Diff line number Diff line change 1+ name : CI_push
2+
3+ on :
4+ push :
5+ branches : [ master ]
6+
7+ env :
8+ CARGO_TERM_COLOR : always
9+
10+ jobs :
11+
12+ Upload-result :
13+ runs-on : ubuntu-latest
14+ steps :
15+ - name : Checkout code
16+ uses : actions/checkout@v2
17+
18+ - name : Run Trivy vulnerability scanner in repo mode
19+ uses : aquasecurity/trivy-action@master
20+ with :
21+ scan-type : ' fs'
22+ ignore-unfixed : true
23+ format : ' template'
24+ output : ' trivy-results.sarif'
25+ template : ' @/contrib/sarif.tpl'
26+ severity : ' LOW,MEDIUM,HIGH,CRITICAL'
27+
28+ - name : Upload Trivy scan results to GitHub Security-tab
29+ uses : github/codeql-action/upload-sarif@v1
30+ with :
31+ sarif_file : ' trivy-results.sarif'
You can’t perform that action at this time.
0 commit comments