imagescan_action

2025-12-13 22:31:16 +01:00
parent ac0ff6465e
commit ed4bc37f68
1 changed files with 7 additions and 2 deletions
--- a/.gitea/workflows/trivy_scan_image.yml
+++ b/.gitea/workflows/trivy_scan_image.yml
@@ -14,12 +14,17 @@ env:
  user: tebarius

 jobs:
-  release-image:
+  trivy_cimage_scan:
    runs-on: ubuntu-latest
    container: aquasec/trivy:latest
    steps:
      - name: Scan image with trivy
        run: |
-          trivy image --username ${{ env.user }} --password ${{ secrets.DOCKER_PULL_TOKEN }} --exit-code 1 \
+          trivy image \
+          --username ${{ env.user }} \
+          --password ${{ secrets.DOCKER_PULL_TOKEN }} \
+          --exit-code 1 \
          --scanners vuln,misconfig,secret \
+          --severity MEDIUM,HIGH,CRITICAL \
+          --ignore-unfixed \
          ${{ env.registry }}/${{ env.user }}/${{ env.image_name }}:${{ github.event.inputs.image_tag }}