Skip to content

:dependabot: github-actions(deps): Bump actions/attest-sbom from 1.4.1 to 2.0.1 #79

:dependabot: github-actions(deps): Bump actions/attest-sbom from 1.4.1 to 2.0.1

:dependabot: github-actions(deps): Bump actions/attest-sbom from 1.4.1 to 2.0.1 #79

Workflow file for this run

---
name: 🩻 Scan
on:
pull_request:
branches:
- main
permissions: {}
jobs:
scan:
name: Scan
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout
id: checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Clean Actions Runner
id: clean_actions_runner
uses: ministryofjustice/github-actions/clean-actions-runner@ccf9e3a4a828df1ec741f6c8e6ed9d0acaef3490 # v18.5.0
with:
confirm: true
- name: Build
id: build
shell: bash
env:
IMAGE_NAME: ghcr.io/${{ github.repository }}
IMAGE_TAG: ${{ github.sha }}
run: |
make build
- name: Scan
id: scan
uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # v0.29.0
env:
TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db:1
with:
image-ref: ghcr.io/${{ github.repository }}:${{ github.sha }}
severity: HIGH,CRITICAL
exit-code: 1