keycloak-scim/.github/workflows/trivy-analysis.yml
dependabot[bot] 9561d287d9
Bump github/codeql-action from 2.1.25 to 2.1.26 (#14690)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.25 to 2.1.26.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v2.1.25...v2.1.26)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-04 06:58:49 +02:00

63 lines
2.1 KiB
YAML

name: Trivy
on:
workflow_dispatch:
schedule:
- cron: "0 6 * * *"
jobs:
quarkus-dist:
name: Vulnerability scanner for Quarkus distribution images
runs-on: "ubuntu-18.04"
steps:
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@d63413b0a4a4482237085319f7f4a1ce99a8f2ac
with:
image-ref: 'quay.io/keycloak/keycloak:nightly'
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'trivy-results.sarif'
severity: 'MEDIUM,CRITICAL,HIGH'
ignore-unfixed: true
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2.1.26
with:
sarif_file: 'trivy-results.sarif'
legacy-dist:
name: Vulnerability scanner for WildFly distribution images
runs-on: "ubuntu-18.04"
steps:
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@d63413b0a4a4482237085319f7f4a1ce99a8f2ac
with:
image-ref: 'quay.io/keycloak/keycloak:legacy'
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'legacy-results.sarif'
severity: 'MEDIUM,CRITICAL,HIGH'
ignore-unfixed: true
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2.1.26
with:
sarif_file: 'legacy-results.sarif'
keycloak-operator:
name: Vulnerability scanner for Keycloak Operator distribution images
runs-on: "ubuntu-18.04"
steps:
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@d63413b0a4a4482237085319f7f4a1ce99a8f2ac
with:
image-ref: 'quay.io/keycloak/keycloak-operator:nightly'
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'operator-results.sarif'
severity: 'MEDIUM,CRITICAL,HIGH'
ignore-unfixed: true
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2.1.26
with:
sarif_file: 'operator-results.sarif'