.github/workflows/trivy.yml

---
name: Trivy
'on': push
jobs:
  build:
    name: Build
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Build an image from Dockerfile
        run: |
          docker build -t utrecht/n3dr:${{ github.sha }} .
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@0.14.0
        with:
          image-ref: 'utrecht/n3dr:${{ github.sha }}'
          format: 'table'
          exit-code: '1'
          ignore-unfixed: true
          vuln-type: 'os,library'
          severity: 'CRITICAL,HIGH'
          trivyignores: .trivyignore
      - name: Run Trivy vulnerability scanner in fs mode
        uses: aquasecurity/trivy-action@0.14.0
        with:
          scan-type: 'fs'
          scan-ref: '.'
          exit-code: '1'
          ignore-unfixed: true
          severity: 'CRITICAL,HIGH'
          trivyignores: .trivyignore