keycloak-scim/.github/workflows/trivy-analysis.yml

name: Trivy
on:
  workflow_dispatch:
  schedule:
    - cron: "0 6 * * *"

jobs:
  quarkus-dist:
    name: Vulnerability scanner for Quarkus distribution images
    runs-on: "ubuntu-18.04"
    steps:
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@d63413b0a4a4482237085319f7f4a1ce99a8f2ac
        with:
          image-ref: 'quay.io/keycloak/keycloak:nightly'
          format: 'template'
          template: '@/contrib/sarif.tpl'
          output: 'trivy-results.sarif'
          severity: 'MEDIUM,CRITICAL,HIGH'
          ignore-unfixed: true

      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v2.1.29
        with:
          sarif_file: 'trivy-results.sarif'

  legacy-dist:
    name: Vulnerability scanner for WildFly distribution images
    runs-on: "ubuntu-18.04"
    steps:
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@d63413b0a4a4482237085319f7f4a1ce99a8f2ac
        with:
          image-ref: 'quay.io/keycloak/keycloak:legacy'
          format: 'template'
          template: '@/contrib/sarif.tpl'
          output: 'legacy-results.sarif'
          severity: 'MEDIUM,CRITICAL,HIGH'
          ignore-unfixed: true

      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v2.1.29
        with:
          sarif_file: 'legacy-results.sarif'

  keycloak-operator:
    name: Vulnerability scanner for Keycloak Operator distribution images
    runs-on: "ubuntu-18.04"
    steps:
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@d63413b0a4a4482237085319f7f4a1ce99a8f2ac
        with:
          image-ref: 'quay.io/keycloak/keycloak-operator:nightly'
          format: 'template'
          template: '@/contrib/sarif.tpl'
          output: 'operator-results.sarif'
          severity: 'MEDIUM,CRITICAL,HIGH'
          ignore-unfixed: true

      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v2.1.29
        with:
          sarif_file: 'operator-results.sarif'
Automatic scan Keycloak docker image for vulnerabilities (#10777) * Automatic scan Keycloak docker image for vulnerabilities The changes proposed here will run Trivy scanner twice a day to search vulnerabilities into our main images. Resolves #10764 Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> * Update .github/workflows/trivy-analysis.yml Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Co-authored-by: Stian Thorgersen <stian@redhat.com> 2022-03-29 14:17:20 +00:00			`name: Trivy`
			`on:`
			`workflow_dispatch:`
			`schedule:`
Trigger Trivy workflow after the build of our nightly images Resolves #11011 2022-03-30 13:59:34 +00:00			`- cron: "0 6 * * *"`
Automatic scan Keycloak docker image for vulnerabilities (#10777) * Automatic scan Keycloak docker image for vulnerabilities The changes proposed here will run Trivy scanner twice a day to search vulnerabilities into our main images. Resolves #10764 Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> * Update .github/workflows/trivy-analysis.yml Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Co-authored-by: Stian Thorgersen <stian@redhat.com> 2022-03-29 14:17:20 +00:00
			`jobs:`
			`quarkus-dist:`
			`name: Vulnerability scanner for Quarkus distribution images`
			`runs-on: "ubuntu-18.04"`
			`steps:`
			`- name: Run Trivy vulnerability scanner`
Bump aquasecurity/trivy-action from 0.6.2 to 0.7.1 Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.6.2 to 0.7.1. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/cb606dfdb0d2b3698ace62192088ef4f5360b24f...d63413b0a4a4482237085319f7f4a1ce99a8f2ac) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> 2022-08-20 15:14:18 +00:00			`uses: aquasecurity/trivy-action@d63413b0a4a4482237085319f7f4a1ce99a8f2ac`
Automatic scan Keycloak docker image for vulnerabilities (#10777) * Automatic scan Keycloak docker image for vulnerabilities The changes proposed here will run Trivy scanner twice a day to search vulnerabilities into our main images. Resolves #10764 Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> * Update .github/workflows/trivy-analysis.yml Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Co-authored-by: Stian Thorgersen <stian@redhat.com> 2022-03-29 14:17:20 +00:00			`with:`
			`image-ref: 'quay.io/keycloak/keycloak:nightly'`
			`format: 'template'`
			`template: '@/contrib/sarif.tpl'`
			`output: 'trivy-results.sarif'`
			`severity: 'MEDIUM,CRITICAL,HIGH'`
			`ignore-unfixed: true`

			`- name: Upload Trivy scan results to GitHub Security tab`
Bump github/codeql-action from 2.1.28 to 2.1.29 (#15217) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.28 to 2.1.29. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v2.1.28...v2.1.29) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Stian Thorgersen <stianst@gmail.com> 2022-11-03 05:08:32 +00:00			`uses: github/codeql-action/upload-sarif@v2.1.29`
Automatic scan Keycloak docker image for vulnerabilities (#10777) * Automatic scan Keycloak docker image for vulnerabilities The changes proposed here will run Trivy scanner twice a day to search vulnerabilities into our main images. Resolves #10764 Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> * Update .github/workflows/trivy-analysis.yml Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Co-authored-by: Stian Thorgersen <stian@redhat.com> 2022-03-29 14:17:20 +00:00			`with:`
			`sarif_file: 'trivy-results.sarif'`

			`legacy-dist:`
			`name: Vulnerability scanner for WildFly distribution images`
			`runs-on: "ubuntu-18.04"`
			`steps:`
			`- name: Run Trivy vulnerability scanner`
Bump aquasecurity/trivy-action from 0.6.2 to 0.7.1 Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.6.2 to 0.7.1. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/cb606dfdb0d2b3698ace62192088ef4f5360b24f...d63413b0a4a4482237085319f7f4a1ce99a8f2ac) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> 2022-08-20 15:14:18 +00:00			`uses: aquasecurity/trivy-action@d63413b0a4a4482237085319f7f4a1ce99a8f2ac`
Automatic scan Keycloak docker image for vulnerabilities (#10777) * Automatic scan Keycloak docker image for vulnerabilities The changes proposed here will run Trivy scanner twice a day to search vulnerabilities into our main images. Resolves #10764 Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> * Update .github/workflows/trivy-analysis.yml Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Co-authored-by: Stian Thorgersen <stian@redhat.com> 2022-03-29 14:17:20 +00:00			`with:`
			`image-ref: 'quay.io/keycloak/keycloak:legacy'`
			`format: 'template'`
			`template: '@/contrib/sarif.tpl'`
			`output: 'legacy-results.sarif'`
			`severity: 'MEDIUM,CRITICAL,HIGH'`
			`ignore-unfixed: true`

			`- name: Upload Trivy scan results to GitHub Security tab`
Bump github/codeql-action from 2.1.28 to 2.1.29 (#15217) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.28 to 2.1.29. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v2.1.28...v2.1.29) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Stian Thorgersen <stianst@gmail.com> 2022-11-03 05:08:32 +00:00			`uses: github/codeql-action/upload-sarif@v2.1.29`
Automatic scan Keycloak docker image for vulnerabilities (#10777) * Automatic scan Keycloak docker image for vulnerabilities The changes proposed here will run Trivy scanner twice a day to search vulnerabilities into our main images. Resolves #10764 Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> * Update .github/workflows/trivy-analysis.yml Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Co-authored-by: Stian Thorgersen <stian@redhat.com> 2022-03-29 14:17:20 +00:00			`with:`
			`sarif_file: 'legacy-results.sarif'`

			`keycloak-operator:`
			`name: Vulnerability scanner for Keycloak Operator distribution images`
			`runs-on: "ubuntu-18.04"`
			`steps:`
			`- name: Run Trivy vulnerability scanner`
Bump aquasecurity/trivy-action from 0.6.2 to 0.7.1 Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.6.2 to 0.7.1. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/cb606dfdb0d2b3698ace62192088ef4f5360b24f...d63413b0a4a4482237085319f7f4a1ce99a8f2ac) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> 2022-08-20 15:14:18 +00:00			`uses: aquasecurity/trivy-action@d63413b0a4a4482237085319f7f4a1ce99a8f2ac`
Automatic scan Keycloak docker image for vulnerabilities (#10777) * Automatic scan Keycloak docker image for vulnerabilities The changes proposed here will run Trivy scanner twice a day to search vulnerabilities into our main images. Resolves #10764 Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> * Update .github/workflows/trivy-analysis.yml Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Co-authored-by: Stian Thorgersen <stian@redhat.com> 2022-03-29 14:17:20 +00:00			`with:`
			`image-ref: 'quay.io/keycloak/keycloak-operator:nightly'`
			`format: 'template'`
			`template: '@/contrib/sarif.tpl'`
			`output: 'operator-results.sarif'`
			`severity: 'MEDIUM,CRITICAL,HIGH'`
			`ignore-unfixed: true`

			`- name: Upload Trivy scan results to GitHub Security tab`
Bump github/codeql-action from 2.1.28 to 2.1.29 (#15217) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.28 to 2.1.29. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v2.1.28...v2.1.29) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Stian Thorgersen <stianst@gmail.com> 2022-11-03 05:08:32 +00:00			`uses: github/codeql-action/upload-sarif@v2.1.29`
Automatic scan Keycloak docker image for vulnerabilities (#10777) * Automatic scan Keycloak docker image for vulnerabilities The changes proposed here will run Trivy scanner twice a day to search vulnerabilities into our main images. Resolves #10764 Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> * Update .github/workflows/trivy-analysis.yml Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Co-authored-by: Stian Thorgersen <stian@redhat.com> 2022-03-29 14:17:20 +00:00			`with:`
			`sarif_file: 'operator-results.sarif'`