Skip to content

Merge pull request #75 from k8sstormcenter/ddelnano/remove-k8s-direct… #513

Merge pull request #75 from k8sstormcenter/ddelnano/remove-k8s-direct…

Merge pull request #75 from k8sstormcenter/ddelnano/remove-k8s-direct… #513

Workflow file for this run

---
name: trivy-fs
on:
push:
branches:
- main
pull_request:
branches:
- main
schedule:
- cron: "50 22 * * *"
concurrency:
group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.event.pull_request.number || github.run_id }}
cancel-in-progress: true
permissions:
contents: read
jobs:
code-scan:
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
# v0.36.0 released 2026-04-22 (post-incident). Internally SHA-pins
# setup-trivy@3fb12ec = Aqua's safe v0.2.6 per GHSA-69fq-xp46-6x23.
- uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0
with:
scan-type: 'fs'
ignore-unfixed: true
format: 'sarif'
output: 'trivy-results.sarif'
- run: |
jq '.runs[].tool.driver.name = "trivy-fs"' < trivy-results.sarif > tmp
mv tmp trivy-results.sarif
- uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
with:
sarif_file: 'trivy-results.sarif'
category: trivy-fs