name: Trivy on: workflow_dispatch: schedule: - cron: "0 6 * * *" jobs: quarkus-dist: name: Vulnerability scanner for Quarkus distribution images runs-on: "ubuntu-18.04" steps: - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@d63413b0a4a4482237085319f7f4a1ce99a8f2ac with: image-ref: 'quay.io/keycloak/keycloak:nightly' format: 'template' template: '@/contrib/sarif.tpl' output: 'trivy-results.sarif' severity: 'MEDIUM,CRITICAL,HIGH' ignore-unfixed: true - name: Upload Trivy scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v2.1.28 with: sarif_file: 'trivy-results.sarif' legacy-dist: name: Vulnerability scanner for WildFly distribution images runs-on: "ubuntu-18.04" steps: - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@d63413b0a4a4482237085319f7f4a1ce99a8f2ac with: image-ref: 'quay.io/keycloak/keycloak:legacy' format: 'template' template: '@/contrib/sarif.tpl' output: 'legacy-results.sarif' severity: 'MEDIUM,CRITICAL,HIGH' ignore-unfixed: true - name: Upload Trivy scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v2.1.28 with: sarif_file: 'legacy-results.sarif' keycloak-operator: name: Vulnerability scanner for Keycloak Operator distribution images runs-on: "ubuntu-18.04" steps: - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@d63413b0a4a4482237085319f7f4a1ce99a8f2ac with: image-ref: 'quay.io/keycloak/keycloak-operator:nightly' format: 'template' template: '@/contrib/sarif.tpl' output: 'operator-results.sarif' severity: 'MEDIUM,CRITICAL,HIGH' ignore-unfixed: true - name: Upload Trivy scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v2.1.28 with: sarif_file: 'operator-results.sarif'