@@ -169,7 +169,7 @@ jobs:
169169 with :
170170 sarif_file : ' snyk.sarif'
171171 scan :
172- name : " Trivy (sarif) "
172+ name : " Trivy"
173173 runs-on : ubuntu-latest
174174 needs : build
175175 permissions :
@@ -188,40 +188,24 @@ jobs:
188188 docker load --input /tmp/${{ env.ARTIFACT_NAME }}_prod.tar
189189 docker image ls -a
190190
191- - name : Run Trivy vulnerability scanner
191+ - name : Run Trivy vulnerability scanner (cli report)
192+ uses : aquasecurity/trivy-action@0.24.0
193+ with :
194+ image-ref : ${{ env.IMAGE_NAME }}:${{ github.sha }}
195+ format : ' table'
196+ env :
197+ TRIVY_DB_REPOSITORY : ${{ vars.TRIVY_DB_REPOSITORY }}
198+
199+ - name : Run Trivy vulnerability scanner (sarif report)
192200 uses : aquasecurity/trivy-action@0.24.0
193201 with :
194202 image-ref : ${{ env.IMAGE_NAME }}:${{ github.sha }}
195203 format : ' sarif'
196204 output : ' trivy-results.sarif'
205+ env :
206+ TRIVY_DB_REPOSITORY : ${{ vars.TRIVY_DB_REPOSITORY }}
197207
198208 - name : Upload Trivy scan results to GitHub Security tab
199209 uses : github/codeql-action/upload-sarif@v3
200210 with :
201211 sarif_file : ' trivy-results.sarif'
202- env :
203- ACTIONS_RUNTIME_TOKEN : ${{ secrets.GITHUB_TOKEN }}
204-
205- report :
206- name : " Trivy (report)"
207- runs-on : ubuntu-latest
208- needs : build
209- steps :
210- - name : Download artifact
211- uses : actions/download-artifact@v4
212- with :
213- name : ${{ env.ARTIFACT_NAME }}_prod
214- path : /tmp/
215-
216- - name : Load image
217- run : |
218- docker load --input /tmp/${{ env.ARTIFACT_NAME }}_prod.tar
219- docker image ls -a
220-
221- - name : Run Trivy vulnerability scanner
222- uses : aquasecurity/trivy-action@0.24.0
223- with :
224- image-ref : ${{ env.IMAGE_NAME }}:${{ github.sha }}
225- format : ' table'
226- env :
227- ACTIONS_RUNTIME_TOKEN : ${{ secrets.GITHUB_TOKEN }}
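Review bot: The new `TRIVY_DB_REPOSITORY: ${{ vars.TRIVY_DB_REPOSITORY }}` env on both scanner steps (lines 197 and 206) makes the source of the vulnerability database a repository/organization variable, so anyone who can edit that variable can redirect the scanner to a different or stale DB, and an unset variable yields an empty value whose effect on Trivy is not visible here; the step should fail closed rather than scan against an unknown DB, e.g. a preceding `run` step that checks the value via an `env:` mapping and exits non-zero when it is empty, and the expected registry should be recorded in a comment next to the variable. The table-format step added at line 191 sets no `exit-code`, so with the action's default it only prints a report and never fails the job; if the intent is to gate on findings, add `exit-code: '1'` and a `severity:` filter to one of the two steps. Both steps pin `aquasecurity/trivy-action@0.24.0` by mutable tag; pinning the full commit SHA with the tag in a trailing comment would make the scanner itself tamper-evident. The two steps download the DB twice for the same image, which is harmless but could be noted in a comment so the duplication is not removed by mistake.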