diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml
index cdaf9e6..1ad0acd 100644
--- a/.github/workflows/trivy.yaml
+++ b/.github/workflows/trivy.yaml
@@ -12,15 +12,13 @@ jobs:
 steps:
 - name: Checkout code
 uses: actions/checkout@v2
- - name: Build an image from Dockerfile
- run: |
- docker build -t docker.io/my-organization/my-app:${{ github.sha }} .
- - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@master
- with:
- image-ref: 'docker.io/my-organization/my-app:${{ github.sha }}'
- format: 'table'
- exit-code: '1'
- ignore-unfixed: true
- vuln-type: 'os,library'
- severity: 'CRITICAL,HIGH'
+ - name: 'Security Scan'
+ if: github.ref != format('refs/heads/{0}', github.event.repository.default_branch)
+ uses: aquasecurity/trivy-action@0.14.0
+ with:
+ scan-type: 'config'
+ scan-ref: './examples/complete/'
+ hide-progress: false
+ exit-code: '1'
+ ignore-unfixed: true
+ severity: 'CRITICAL,HIGH'
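Review bot: The new `uses: aquasecurity/trivy-action@0.14.0` still references a mutable tag, so the step that gates merges with `exit-code: '1'` runs whatever code that tag points to at run time; pin it to the full commit SHA and keep the version as a comment, `uses: aquasecurity/trivy-action@<full-commit-sha>  # 0.14.0`. The `if:` guard skips the scan on the default branch, so a direct push or a merge that bypasses the pull-request check is never scanned; whether that gap is covered depends on the `on:` triggers and branch protection, which are outside the hunk. With `scan-type: 'config'` the `ignore-unfixed: true` input most likely has no effect, since it filters vulnerability findings, and `scan-ref: './examples/complete/'` leaves configuration outside that directory unscanned. A short comment above the step stating that intended scope, and that the image vulnerability scan was dropped on purpose, would help the next reader.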