ci: Add trivy scan to docker build

stenic · Feb 9, 2023 · c32920c · c32920c
1 parent 33b99d3
commit c32920c
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -23,13 +23,17 @@ jobs:
         with:
           push: false
           tags: 'ledger:${{ github.sha }}'
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
 
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@master
         with:
           image-ref: 'ledger:${{ github.sha }}'
           format: 'sarif'
           output: 'trivy-results.sarif'
+          ignore-unfixed: true
+          severity: 'CRITICAL,HIGH'
 
       - name: Upload Trivy scan results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@v2