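name: Trivy Security Scans

on:
  push:
    branches:
      - main
      - development
  pull_request:
    branches:
      - main
      - development
  schedule:
    - cron: "0 8 * * 1" # Weekly scan on Mondays at 8 AM UTC

# Least privilege for GITHUB_TOKEN: every step below only reads the repository.
# Nothing pushes images or writes back to the repo, so the repository-default
# token grant (which may be write-all) is not needed.
permissions:
  contents: read

jobs:
  # Dependency scan of the checked-out tree (lockfiles, manifests, etc.).
  filesystem-scan:
    name: Trivy Filesystem Scan (Source Code)
    runs-on: ubuntu-latest
    timeout-minutes: 20
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Scan source code (Filesystem) with Trivy
        # Pinned to a release tag instead of the mutable `master` branch so a
        # breaking or compromised upstream commit cannot silently change the
        # scanner that gates merges. Pinning to the tag's commit SHA is
        # stronger still and is the recommended next step.
        uses: aquasecurity/trivy-action@0.28.0
        with:
          scan-type: fs
          scan-ref: .
          format: table
          # Fail the job on any finding at or above the configured severity.
          exit-code: 1
          # Findings with no upstream fix are hidden so the gate stays
          # actionable; they are still present and should be reviewed
          # periodically.
          ignore-unfixed: true
          severity: CRITICAL,HIGH

  # Builds both images locally (never pushed) and scans the resulting layers,
  # which covers OS packages in the base images as well as app dependencies.
  image-scan:
    name: Trivy Docker Image Scan (Backend & Frontend)
    runs-on: ubuntu-latest
    timeout-minutes: 30
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # No registry login: the images are built and scanned locally only, so
      # there is no reason to place a registry credential in the job.

      - name: Build backend Docker image
        run: docker build -t adventurelog-backend ./backend

      - name: Build frontend Docker image
        run: docker build -t adventurelog-frontend ./frontend

      - name: Scan backend Docker image with Trivy
        # Same pinned release as the filesystem scan (see comment there).
        uses: aquasecurity/trivy-action@0.28.0
        with:
          image-ref: adventurelog-backend
          format: table
          exit-code: 1
          ignore-unfixed: true
          severity: CRITICAL,HIGH

      - name: Scan frontend Docker image with Trivy
        uses: aquasecurity/trivy-action@0.28.0
        with:
          image-ref: adventurelog-frontend
          format: table
          exit-code: 1
          ignore-unfixed: true
          severity: CRITICAL,HIGH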