Trivy scan master #600

	# Copyright (C) 2023 Bankdata ([email protected])

	# Licensed under the Apache License, Version 2.0 (the "License");
	# you may not use this file except in compliance with the License.
	# You may obtain a copy of the License at

	# http://www.apache.org/licenses/LICENSE-2.0

	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.

	name: Trivy scan master

	on:
	schedule:
	- cron: '0 5 * * *'

	env:
	REGISTRY: ghcr.io

	jobs:
	docker:
	name: Trivy scan
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	- uses: actions/cache@v3
	with:
	path: \|
	~/.cache/go-build
	~/go/pkg/mod
	key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
	restore-keys: \|
	${{ runner.os }}-go-
	- uses: actions/cache@v3
	with:
	path: ./bin/
	key: ${{ runner.os }}-binaries-${{ hashFiles('**/go.sum') }}
	- uses: actions/setup-go@v4
	with:
	go-version: '>=1.21.3'
	- name: build
	run: make docker-build
	- uses: aquasecurity/trivy-action@master
	with:
	scan-type: 'image'
	image-ref: 'controller:latest'
	ignore-unfixed: true
	severity: 'CRITICAL,HIGH,MEDIUM,LOW'
	exit-code: '1'
	# format: 'table'
	format: 'sarif'
	output: 'trivy-results-image.sarif'
	- name: Upload Trivy scan image results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@v2
	with:
	sarif_file: 'trivy-results-image.sarif'

Provide feedback