keycloak-scim/.github/workflows/trivy-analysis.yml

name: Trivy

on:
  schedule:
    - cron: 0 6 * * *
  workflow_dispatch:

defaults:
  run:
    shell: bash

jobs:

  analysis:
    name: Vulnerability scanner for nightly containers
    runs-on: ubuntu-latest
    if: github.repository == 'keycloak/keycloak'
    strategy:
      matrix:
        container: [keycloak, keycloak-operator]
      fail-fast: false
    steps:
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5
        with:
          image-ref: quay.io/keycloak/${{ matrix.container}}:nightly
          format: template
          template: '@/contrib/sarif.tpl'
          output: trivy-results.sarif
          severity: MEDIUM,CRITICAL,HIGH
          ignore-unfixed: true

      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v2.1.39
        with:
          sarif_file: trivy-results.sarif
Automatic scan Keycloak docker image for vulnerabilities (#10777) * Automatic scan Keycloak docker image for vulnerabilities The changes proposed here will run Trivy scanner twice a day to search vulnerabilities into our main images. Resolves #10764 Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> * Update .github/workflows/trivy-analysis.yml Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Co-authored-by: Stian Thorgersen <stian@redhat.com> 2022-03-29 14:17:20 +00:00			`name: Trivy`
Keycloak CI workflow refactoring (#15968) * Keycloak CI workflow refactoring Closes #15861 * Update testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update CodeQL actions Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> 2022-12-14 15:12:23 +00:00
Automatic scan Keycloak docker image for vulnerabilities (#10777) * Automatic scan Keycloak docker image for vulnerabilities The changes proposed here will run Trivy scanner twice a day to search vulnerabilities into our main images. Resolves #10764 Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> * Update .github/workflows/trivy-analysis.yml Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Co-authored-by: Stian Thorgersen <stian@redhat.com> 2022-03-29 14:17:20 +00:00			`on:`
			`schedule:`
Keycloak CI workflow refactoring (#15968) * Keycloak CI workflow refactoring Closes #15861 * Update testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update CodeQL actions Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> 2022-12-14 15:12:23 +00:00			`- cron: 0 6 * * *`
			`workflow_dispatch:`
Automatic scan Keycloak docker image for vulnerabilities (#10777) * Automatic scan Keycloak docker image for vulnerabilities The changes proposed here will run Trivy scanner twice a day to search vulnerabilities into our main images. Resolves #10764 Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> * Update .github/workflows/trivy-analysis.yml Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Co-authored-by: Stian Thorgersen <stian@redhat.com> 2022-03-29 14:17:20 +00:00
Keycloak CI workflow refactoring (#15968) * Keycloak CI workflow refactoring Closes #15861 * Update testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update CodeQL actions Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> 2022-12-14 15:12:23 +00:00			`defaults:`
			`run:`
			`shell: bash`
Automatic scan Keycloak docker image for vulnerabilities (#10777) * Automatic scan Keycloak docker image for vulnerabilities The changes proposed here will run Trivy scanner twice a day to search vulnerabilities into our main images. Resolves #10764 Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> * Update .github/workflows/trivy-analysis.yml Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Co-authored-by: Stian Thorgersen <stian@redhat.com> 2022-03-29 14:17:20 +00:00
Keycloak CI workflow refactoring (#15968) * Keycloak CI workflow refactoring Closes #15861 * Update testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update CodeQL actions Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> 2022-12-14 15:12:23 +00:00			`jobs:`
Automatic scan Keycloak docker image for vulnerabilities (#10777) * Automatic scan Keycloak docker image for vulnerabilities The changes proposed here will run Trivy scanner twice a day to search vulnerabilities into our main images. Resolves #10764 Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> * Update .github/workflows/trivy-analysis.yml Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Co-authored-by: Stian Thorgersen <stian@redhat.com> 2022-03-29 14:17:20 +00:00
Keycloak CI workflow refactoring (#15968) * Keycloak CI workflow refactoring Closes #15861 * Update testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update CodeQL actions Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> 2022-12-14 15:12:23 +00:00			`analysis:`
			`name: Vulnerability scanner for nightly containers`
			`runs-on: ubuntu-latest`
			`if: github.repository == 'keycloak/keycloak'`
			`strategy:`
			`matrix:`
			`container: [keycloak, keycloak-operator]`
			`fail-fast: false`
Automatic scan Keycloak docker image for vulnerabilities (#10777) * Automatic scan Keycloak docker image for vulnerabilities The changes proposed here will run Trivy scanner twice a day to search vulnerabilities into our main images. Resolves #10764 Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> * Update .github/workflows/trivy-analysis.yml Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Co-authored-by: Stian Thorgersen <stian@redhat.com> 2022-03-29 14:17:20 +00:00			`steps:`
			`- name: Run Trivy vulnerability scanner`
Bump aquasecurity/trivy-action from 0.7.1 to 0.8.0 Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.7.1 to 0.8.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/d63413b0a4a4482237085319f7f4a1ce99a8f2ac...9ab158e8597f3b310480b9a69402b419bc03dbd5) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> 2022-11-17 01:55:51 +00:00			`uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5`
Automatic scan Keycloak docker image for vulnerabilities (#10777) * Automatic scan Keycloak docker image for vulnerabilities The changes proposed here will run Trivy scanner twice a day to search vulnerabilities into our main images. Resolves #10764 Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> * Update .github/workflows/trivy-analysis.yml Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Co-authored-by: Stian Thorgersen <stian@redhat.com> 2022-03-29 14:17:20 +00:00			`with:`
Keycloak CI workflow refactoring (#15968) * Keycloak CI workflow refactoring Closes #15861 * Update testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update CodeQL actions Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> 2022-12-14 15:12:23 +00:00			`image-ref: quay.io/keycloak/${{ matrix.container}}:nightly`
			`format: template`
Automatic scan Keycloak docker image for vulnerabilities (#10777) * Automatic scan Keycloak docker image for vulnerabilities The changes proposed here will run Trivy scanner twice a day to search vulnerabilities into our main images. Resolves #10764 Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> * Update .github/workflows/trivy-analysis.yml Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Co-authored-by: Stian Thorgersen <stian@redhat.com> 2022-03-29 14:17:20 +00:00			`template: '@/contrib/sarif.tpl'`
Keycloak CI workflow refactoring (#15968) * Keycloak CI workflow refactoring Closes #15861 * Update testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update CodeQL actions Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> 2022-12-14 15:12:23 +00:00			`output: trivy-results.sarif`
			`severity: MEDIUM,CRITICAL,HIGH`
Automatic scan Keycloak docker image for vulnerabilities (#10777) * Automatic scan Keycloak docker image for vulnerabilities The changes proposed here will run Trivy scanner twice a day to search vulnerabilities into our main images. Resolves #10764 Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> * Update .github/workflows/trivy-analysis.yml Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Co-authored-by: Stian Thorgersen <stian@redhat.com> 2022-03-29 14:17:20 +00:00			`ignore-unfixed: true`

			`- name: Upload Trivy scan results to GitHub Security tab`
Bump github/codeql-action from 2.1.38 to 2.1.39 (#16562) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.38 to 2.1.39. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v2.1.38...v2.1.39) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 2023-01-23 07:17:45 +00:00			`uses: github/codeql-action/upload-sarif@v2.1.39`
Automatic scan Keycloak docker image for vulnerabilities (#10777) * Automatic scan Keycloak docker image for vulnerabilities The changes proposed here will run Trivy scanner twice a day to search vulnerabilities into our main images. Resolves #10764 Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> * Update .github/workflows/trivy-analysis.yml Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Co-authored-by: Stian Thorgersen <stian@redhat.com> 2022-03-29 14:17:20 +00:00			`with:`
Keycloak CI workflow refactoring (#15968) * Keycloak CI workflow refactoring Closes #15861 * Update testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update CodeQL actions Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> 2022-12-14 15:12:23 +00:00			`sarif_file: trivy-results.sarif`