Update main.yaml #19

Workflow file for this run

	name: Build and Scan

	on:
	push:
	pull_request:

	jobs:
	Echo:
	runs-on: ubuntu-latest

	steps:
	- name: echo
	run: \|
	echo "CSPM_URL: $CSPM_URL"
	echo "AQUA_URL: $AQUA_URL"

	Build-and-Scan:
	runs-on: ubuntu-latest

	steps:
	# Step 1: Checkout the repository code
	- name: Checkout code
	uses: actions/checkout@v4

	# Step 2: Setup .NET SDK
	- name: Setup .NET SDK
	uses: actions/setup-dotnet@v3
	with:
	dotnet-version: '9.0'

	# Step 3: Restore .NET dependencies
	- name: Restore .NET dependencies
	run: dotnet restore ./src/MySampleDotNetApp/MySampleDotNetApp.csproj

	# Step 4: Build the .NET project
	- name: Build .NET project
	run: dotnet build ./src/MySampleDotNetApp/MySampleDotNetApp.csproj --configuration Release

	# Step 5: Run Trivy scan
	- name: Run Trivy scan
	uses: docker://aquasec/aqua-scanner
	with:
	args: trivy fs --sast --scanners misconfig,vuln,secret .
	env:
	AQUA_KEY: ${{ secrets.AQUA_KEY }}
	AQUA_SECRET: ${{ secrets.AQUA_SECRET }}
	GITHUB_TOKEN: ${{ github.token }}
	AQUA_URL: ${{ env.AQUA_URL }}
	CSPM_URL: ${{ env.CSPM_URL }}
	TRIVY_RUN_AS_PLUGIN: "aqua"

	# Step 6: Manifest Generation (Optional, for Aqua Security integration)
	- name: Manifest Generation
	run: \|
	export BILLY_SERVER=https://billy.codesec.aquasec.com
	curl -sLo install.sh download.codesec.aquasec.com/billy/install.sh
	curl -sLo install.sh.checksum https://github.com/argonsecurity/releases/releases/latest/download/install.sh.checksum
	if ! cat install.sh.checksum \| sha256sum -c ; then
	echo "install.sh checksum failed"
	exit 1
	fi
	BINDIR="." sh install.sh
	rm install.sh install.sh.checksum
	./billy generate \
	--access-token "${{ secrets.GITHUB_TOKEN }}" \
	--aqua-key "${{ secrets.AQUA_KEY }}" \
	--aqua-secret "${{ secrets.AQUA_SECRET }}" \
	--cspm-url "${{ env.CSPM_URL }}" \
	--artifact-path "my-sample-app:${{ github.sha }}"
	env:
	CSPM_URL: ${{ env.CSPM_URL }}
	AQUA_URL: ${{ env.AQUA_URL }}
	AQUA_KEY: ${{ secrets.AQUA_KEY }}
	AQUA_SECRET: ${{ secrets.AQUA_SECRET }}
	GITHUB_TOKEN: ${{ github.token }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update main.yaml #19

Workflow file

Update main.yaml #19

Jobs

Run details

Workflow file for this run