Update GitHub workflow.

dbca-wa · Nov 25, 2024 · e3bd79e · e3bd79e
1 parent 353870f
commit e3bd79e
Showing 1 changed file with 13 additions and 9 deletions.
diff --git a/.github/workflows/image-build-scan.yml b/.github/workflows/image-build-scan.yml
@@ -5,7 +5,8 @@ on:
     # Publish `master` as `latest` image.
     branches: [master]
     # Publish tagged commits as releases.
-    tags: ['1.*', '2.*', '3.*']
+    tags:
+      - "*"
   pull_request:
     branches: [master]
 
@@ -78,16 +79,19 @@ jobs:
       # Run vulnerability scan on built image
       #----------------------------------------------
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/[email protected]
+        env:
+          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
         with:
-          scan-type: image
+          scan-type: "image"
+          scanners: "vuln"
           image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
-          vuln-type: 'os,library'
-          severity: 'HIGH,CRITICAL'
-          format: template
-          template: '@/contrib/sarif.tpl'
-          output: trivy-results.sarif
+          vuln-type: "os,library"
+          severity: "HIGH,CRITICAL"
+          format: "sarif"
+          template: "@/contrib/sarif.tpl"
+          output: "trivy-results.sarif"
       - name: Upload Trivy scan results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@v3
         with:
-          sarif_file: trivy-results.sarif
+          sarif_file: "trivy-results.sarif"