imagescan_action

2025-12-13 22:23:34 +01:00
parent e8b604914b
commit ac0ff6465e
1 changed files with 4 additions and 25 deletions
--- a/.gitea/workflows/trivy_scan_image.yml
+++ b/.gitea/workflows/trivy_scan_image.yml
@@ -16,31 +16,10 @@ env:
 jobs:
  release-image:
    runs-on: ubuntu-latest
-
+    container: aquasec/trivy:latest
    steps:
      - name: Scan image with trivy
-        uses: aquasecurity/trivy-action@0.33.1
-        with:
-          image-ref: "${{ env.registry }}/${{ env.user }}/${{ env.image_name }}:${{ github.event.inputs.image_tag }}"
-          scan-type: image
-          hide-progress: false
-          ignore-unfixed: true
-          severity: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"
-          scanners: "vuln,misconfig,secrets"
-          output: trivy.txt
-        env:
-          TRIVY_USERNAME: "${{ env.user }}"
-          TRIVY_PASSWORD: "${{ secrets.DOCKER_PULL_TOKEN }}"
-      - name: Publish Trivy Output to Summary
        run: |
-          if [[ -s trivy.txt ]]; then
-            {
-              echo "### Security Output"
-              echo "<details><summary>Click to expand</summary>"
-              echo ""
-              echo '```terraform'
-              cat trivy.txt
-              echo '```'
-              echo "</details>"
-            } >> $GITHUB_STEP_SUMMARY
-          fi
+          trivy image --username ${{ env.user }} --password ${{ secrets.DOCKER_PULL_TOKEN }} --exit-code 1 \
+          --scanners vuln,misconfig,secret \
+          ${{ env.registry }}/${{ env.user }}/${{ env.image_name }}:${{ github.event.inputs.image_tag }}