Add trivy job #49 from valitydev/trivy

AydarN 2023-10-11 10:37:12 +03:00 committed by GitHub
commit e4d9962267
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 18 additions and 2 deletions


@ -67,3 +67,4 @@ jobs:
- name: Upload code coverage
uses: codecov/codecov-action@v3


@ -31,7 +31,7 @@ jobs:
uses: actions/checkout@v3
- name: Run Build Java
uses: valitydev/action-jdk-build@v0.0.14
uses: valitydev/action-jdk-build@trivy
with:
jdk-version: ${{ inputs.java-version }}
jdk-distribution: ${{ inputs.java-distribution }}
@ -45,7 +45,7 @@ jobs:
uses: actions/checkout@v3
- name: Run Build Java
uses: valitydev/action-jdk-build@v0.0.14
uses: valitydev/action-jdk-build@trivy
with:
jdk-version: ${{ inputs.java-version }}
jdk-distribution: ${{ inputs.java-distribution }}
@ -54,3 +54,18 @@ jobs:
- name: Upload code coverage
uses: codecov/codecov-action@v3
scan:
name: Scan with Trivy
needs: build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Install Trivy CLI
run: |
wget https://github.com/aquasecurity/trivy/releases/download/v0.39.1/trivy_0.39.1_Linux-64bit.deb
sudo dpkg -i trivy_0.39.1_Linux-64bit.deb
- uses: actions/download-artifact@v3
with:
name: bom.json
- name: Run Trivy with SBOM
run: trivy sbom --exit-code 1 --severity CRITICAL,HIGH ./bom.json
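Review bot: The `Install Trivy CLI` step in the new `scan` job passes the downloaded .deb straight to `sudo dpkg -i` without checking it against a known digest, so whatever the release URL serves at run time is installed as root on the runner. Pin the expected SHA-256 in the workflow and verify it before installing, e.g. add `echo "<EXPECTED_SHA256>  trivy_0.39.1_Linux-64bit.deb" | sha256sum --check --strict` between the two commands (the digest is a placeholder; take it from the checksums published with that release). The two `Run Build Java` steps have a related problem: `valitydev/action-jdk-build@trivy` looks like a branch ref, which is mutable and can change what the build executes without any change in this repository, so a release tag or, better, a full commit SHA would keep the build reproducible. The `scan` job also assumes that `build` uploads an artifact named `bom.json`, which is not visible in this section.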