third/plugin-drone-ssh
1
0
Fork 0
mirror of https://github.com/appleboy/drone-ssh.git synced 2026-06-14 22:11:36 +08:00
Code Issues Packages Projects Releases Wiki Activity

ci(docker): add Trivy image scan before pushing Docker image

Browse Source 
- Add Trivy vulnerability scanner step before Docker image push
- Upload SARIF results to GitHub Security tab
This commit is contained in:
Bo-Yi Wu
2026-04-16 18:10:07 +08:00
parent 5f79a61f89
commit ed85f7ef5e
1 changed files with 15 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/docker.yml
+15
View File
@@ -75,6 +75,21 @@ jobs:
load: true load: true
tags: drone-ssh:scan tags: drone-ssh:scan
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@v0.35.0
with:
image-ref: "drone-ssh:scan"
format: "sarif"
output: "trivy-image-results.sarif"
severity: "CRITICAL,HIGH"
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v4
if: always()
with:
sarif_file: "trivy-image-results.sarif"
category: "trivy-docker-image"
- name: Build and push - name: Build and push
if: success() if: success()
uses: docker/build-push-action@v7 uses: docker/build-push-action@v7