Skip to content

Commit

Permalink
[DPE-5586] SBOM Generation (#36)
Browse files Browse the repository at this point in the history
  • Loading branch information
deusebio authored Oct 3, 2024
1 parent 6a9ba89 commit 9a3c68c
Showing 1 changed file with 21 additions and 2 deletions.
23 changes: 21 additions & 2 deletions .github/workflows/trivy.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -8,9 +8,9 @@ jobs:
build:
uses: ./.github/workflows/build.yaml
scan:
name: Trivy scan
name: Trivy scan and SBOM generation
needs: build
runs-on: ubuntu-20.04
runs-on: ubuntu-22.04
steps:
- name: Checkout code
uses: actions/checkout@v3
Expand Down Expand Up @@ -39,3 +39,22 @@ jobs:
if: always()
with:
sarif_file: 'trivy-results.sarif'

- name: Run Trivy in GitHub SBOM mode and submit results to Dependency Graph
uses: aquasecurity/trivy-action@master
with:
scan-type: 'image'
format: 'spdx-json'
output: 'dependency-results.sbom.json'
image-ref: 'trivy/charmed-zookeeper:test'
github-pat: ${{ secrets.GITHUB_TOKEN }}
severity: "MEDIUM,HIGH,CRITICAL"
scanners: "vuln"

- name: Upload trivy report as a Github artifact
uses: actions/upload-artifact@v4
with:
name: trivy-sbom-report
path: '${{ github.workspace }}/dependency-results.sbom.json'
retention-days: 90

0 comments on commit 9a3c68c

Please sign in to comment.