Add trivy job #49 from valitydev/trivy

AydarN · web-flow · commit e4d9962267a0 · 2023-10-11T10:37:12.000+03:00
diff --git a/.github/workflows/maven-library-build.yml b/.github/workflows/maven-library-build.yml
@@ -67,3 +67,4 @@ jobs:
 
       - name: Upload code coverage
         uses: codecov/codecov-action@v3
+
diff --git a/.github/workflows/maven-service-build.yml b/.github/workflows/maven-service-build.yml
@@ -31,7 +31,7 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Run Build Java
-        uses: valitydev/action-jdk-build@v0.0.14
+        uses: valitydev/action-jdk-build@trivy
         with:
           jdk-version: ${{ inputs.java-version }}
           jdk-distribution: ${{ inputs.java-distribution }}
@@ -45,7 +45,7 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Run Build Java
-        uses: valitydev/action-jdk-build@v0.0.14
+        uses: valitydev/action-jdk-build@trivy
         with:
           jdk-version: ${{ inputs.java-version }}
           jdk-distribution: ${{ inputs.java-distribution }}
@@ -54,3 +54,18 @@ jobs:
       - name: Upload code coverage
         uses: codecov/codecov-action@v3
 
+  scan:
+    name: Scan with Trivy
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Install Trivy CLI
+        run: |
+          wget https://github.com/aquasecurity/trivy/releases/download/v0.39.1/trivy_0.39.1_Linux-64bit.deb
+          sudo dpkg -i trivy_0.39.1_Linux-64bit.deb
+      - uses: actions/download-artifact@v3
+        with:
+          name: bom.json
+      - name: Run Trivy with SBOM
+        run: trivy sbom --exit-code 1 --severity CRITICAL,HIGH ./bom.json

Original file line number	Diff line number	Diff line change
`@@ -67,3 +67,4 @@ jobs:`
`67`	`67`
`68`	`68`	`- name: Upload code coverage`
`69`	`69`	`uses: codecov/codecov-action@v3`
	`70`	`+`