From e8089d1397c817bb458fea9406b828595c8ce2d2 Mon Sep 17 00:00:00 2001
From: rajapandi1234 <138785181+rajapandi1234@users.noreply.github.com>
Date: Wed, 16 Oct 2024 12:01:26 +0530
Subject: [PATCH] Update push-trigger.yml

Signed-off-by: rajapandi1234 <138785181+rajapandi1234@users.noreply.github.com>
---
 .github/workflows/push-trigger.yml | 33 ++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/.github/workflows/push-trigger.yml b/.github/workflows/push-trigger.yml
index f3bcba12917..008af75349a 100644
--- a/.github/workflows/push-trigger.yml
+++ b/.github/workflows/push-trigger.yml
@@ -98,3 +98,36 @@ jobs:
       ACTOR_DOCKER_HUB: ${{ secrets.ACTOR_DOCKER_HUB }}
       RELEASE_DOCKER_HUB: ${{ secrets.RELEASE_DOCKER_HUB }}
       SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
+
+  trivy_scan:
+    needs: build-dockers
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        include:
+          - SERVICE_NAME: 'kernel-ridgenerator-service'
+          - SERVICE_NAME: 'kernel-notification-service'
+          - SERVICE_NAME: 'kernel-pridgenerator-service'
+          - SERVICE_NAME: 'kernel-idgenerator-service'
+          - SERVICE_NAME: 'kernel-salt-generator'
+          - SERVICE_NAME: 'kernel-config-server'
+    steps:
+      - name: Set environment variables
+        run: |
+          echo "SERVICE_NAME=${{ matrix.SERVICE_NAME }}" >> $GITHUB_ENV
+          echo "VERSION=latest" >> $GITHUB_ENV
+
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@0.20.0
+        with:
+          image-ref: 'docker.io/${{ env.SERVICE_NAME }}:${{ env.VERSION }}'
+          format: 'sarif'
+          output: 'trivy-results-${{ matrix.SERVICE_NAME }}.sarif'
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: 'trivy-results-${{ matrix.SERVICE_NAME }}.sarif'