A GitHub Action to run Trivy and post the results to the GitHub Security tab.
```yaml
name: Trivy
on:
  pull_request:
    branches: [ 'main' ]
    types: [ opened, synchronize, reopened, closed, labeled, unlabeled ]
jobs:
  terraform:
    runs-on: ubuntu-latest
    steps:
      - name: Clone repo
        uses: actions/checkout@v4
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v3
      - name: Terraform Init
        run: terraform init
        working-directory: "terraform/modules/vpc"
      - name: Run Trivy
        uses: The-Infra-Company/github-action-trivy-upload@0.2.0
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          working_directory: "terraform/modules/vpc"
```
Inputs:

| name | description | required | default |
|---|---|---|---|
| github_token | GITHUB_TOKEN | true | `${{ github.token }}` |
| working_directory | Directory to run the action on, from the repo root. Default is `.` (root of the repository). | false | `.` |
| trivy_command | Trivy command [aws, config, filesystem, image, kubernetes, rootfs, sbom, vm] | true | `config` |
| trivy_version | The version of Trivy to install. Default is latest. | false | `latest` |
| trivy_flags | List of arguments to pass to Trivy. For the output to be parsable by reviewdog, `--format=checkstyle` is enforced. Default is blank. | false | `""` |
Outputs:

| name | description |
|---|---|
| trivy-return-code | Trivy command return code |
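An added example (not from the action's own README) that uses the documented inputs and output together: a filesystem scan pinned to a specific Trivy version, limited to HIGH/CRITICAL findings, with a gate step that fails the pull request on a non-zero return code. The step id `trivy`, the placeholder version, and the assumption that the action records `trivy-return-code` even when Trivy exits non-zero are mine; `security-events: write` is the token permission GitHub requires for uploading results to the Security tab.

```yaml
name: Trivy filesystem scan
on:
  pull_request:
    branches: [ 'main' ]
permissions:
  contents: read
  security-events: write   # required to upload scan results to the Security tab
jobs:
  trivy-fs:
    runs-on: ubuntu-latest
    steps:
      - name: Clone repo
        uses: actions/checkout@v4
      - name: Run Trivy
        id: trivy                 # assumed step id, referenced by the gate step below
        uses: The-Infra-Company/github-action-trivy-upload@0.2.0
        continue-on-error: true   # let the gate step decide the job outcome (assumption)
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          working_directory: "."
          trivy_command: filesystem
          trivy_version: "X.Y.Z"  # placeholder: pin to a Trivy release you have vetted
          # --severity, --ignore-unfixed and --exit-code are standard Trivy flags;
          # do not pass --format here, the action sets it itself
          trivy_flags: "--severity HIGH,CRITICAL --ignore-unfixed --exit-code 1"
      - name: Fail on HIGH/CRITICAL findings
        if: steps.trivy.outputs.trivy-return-code != '0'
        run: |
          echo "Trivy exited with ${{ steps.trivy.outputs.trivy-return-code }}; see the Security tab for details"
          exit 1
```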