trivy-plugin-kubectl #23

Open. Wants to merge 1 commit into base: main.
68 changes: 23 additions & 45 deletions .github/workflows/main.yml
@@ -1,50 +1,28 @@
name: tf-visualizer-action-test
name: build
on:
push:
branches:
- master
pull_request:
jobs:
tfsec:
name: tfsec PR commenter
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
build:
name: Build
runs-on: ubuntu-20.04
steps:
- name: Clone repo
uses: actions/checkout@master
- name: tfsec
uses: aquasecurity/tfsec-pr-commenter-action@v1.3.1
- name: Checkout code
uses: actions/checkout@v3
- name: Run Trivy vulnerability scanner in IaC mode
uses: aquasecurity/trivy-action@master
with:
working_directory: ''
tfsec_args: --soft-fail
github_token: ${{ github.token }}
# create_issue:
# runs-on: ubuntu-latest
# permissions:
# issues: write
# steps:
# - name: Create issue using REST API
# run: |
# curl --request POST \
# --url https://api.github.com/repos/${{ github.repository }}/issues \
# --header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \
# --header 'content-type: application/json' \
# --data '{
# "title": "Automated issue for commit: ${{ github.sha }}",
# "body": "This issue was automatically created by the GitHub Action workflow **${{ github.workflow }}**. \n\n The commit hash was: _${{ github.sha }}_."
# }' \
# --fail
# hello_world_job:
# runs-on: ubuntu-latest
# permissions:
# contents: read
# pull-requests: write
# name: A job to say hello
# steps:
# - name: pull_request
# run: echo ${{github.event.pull_request.url}}
# - name: Hello world action step
# id: hello
# uses: fatihtokus/[email protected]
# with:
# pull-request: ${{github.event.pull_request.url}}
# github-token: ${{ github.token }}
scan-type: 'config'
hide-progress: false
format: 'json'
output: 'trivy.json'
exit-code: '1'
ignore-unfixed: true
- name: Upload math result for job 1
if: always()
uses: actions/upload-artifact@v3
with:
name: results
path: trivy.json
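
Review bot: `uses: aquasecurity/trivy-action@master` in the Trivy step tracks a mutable branch, so any change pushed to that branch runs in this job unreviewed; pin it to a release tag or, better, a full commit SHA, the way `actions/checkout@v3` and `actions/upload-artifact@v3` are at least pinned to a version. The `push` trigger lists `branches: - master` while this PR targets `main`, so the scan will not run on pushes to the base branch unless that entry becomes `main`. The step name `Upload math result for job 1` looks like a copied sample and should describe the `trivy.json` artifact it uploads, for example `Upload Trivy results`. The `build` job as shown has no `permissions:` block of its own; declaring `contents: read` on it keeps the token at the minimum needed for checkout and the scan.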