Update Trivy-secrete-scan.yaml

Author: xdxxxdx

.github/workflows/Trivy-secrete-scan.yaml

@@ -1,30 +1,32 @@
-name: build
+name: Code Scanning
+
 on:
   push:
     branches:
       - main
-  pull_request:
+
+permissions:
+  actions: read
+  security-events: write
+
 jobs:
-  build:
-    name: Build
+  code-scanning:
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      security-events: write
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
 
-      - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@0.28.0
-        with:
-          scan-type: 'fs'
-          ignore-unfixed: true
-          format: 'sarif'
-          output: 'trivy-results.sarif'
-          severity: 'CRITICAL'
+      - name: Run Trivy
+        env:
+          TRIVY_IGNORE_UNFIXED: true
+          TRIVY_SEVERITY: CRITICAL
+          TRIVY_FORMAT: sarif
+          TRIVY_OUTPUT: trivy-results.sarif
+        run: |
+          trivy fs --ignore-unfixed --severity CRITICAL --format sarif --output trivy-results.sarif .
 
-      - name: Upload Trivy scan results to GitHub Security tab
+      - name: Upload SARIF
         uses: github/codeql-action/upload-sarif@v3
         with:
-          sarif_file: 'trivy-results.sarif'
+          sarif_file: trivy-results.sarif
+          token: ${{ secrets.GITHUB_TOKEN }}