diff --git a/.gitea/workflows/vulnscan.yaml b/.gitea/workflows/vulnscan.yaml
index a357756..9366b6b 100644
--- a/.gitea/workflows/vulnscan.yaml
+++ b/.gitea/workflows/vulnscan.yaml
@@ -17,28 +17,22 @@ jobs:
 - name: Pull docker image
 run: docker pull docker.asperti.com/paspo/glpi:latest

- - uses: actions/cache/restore@v4
- with:
- path: |
- /root/.cache/trivy
- key: trivy-db
-
 - name: Setup trivy
 run: |
- wget -O /tmp/trivy.deb https://github.com/aquasecurity/trivy/releases/download/v0.57.1/trivy_0.57.1_Linux-64bit.deb
+ echo "Installing Trivy for arch: $(uname -m)"
+ case $(uname -m) in
+ x86_64)
+ wget -O /tmp/trivy.deb https://github.com/aquasecurity/trivy/releases/download/v0.58.2/trivy_0.58.2_Linux-64bit.deb ;;
+ aarch64)
+ wget -O /tmp/trivy.deb https://github.com/aquasecurity/trivy/releases/download/v0.58.2/trivy_0.58.2_Linux-ARM64.deb ;;
+ *) exit 1 ;;
+ esac
 dpkg -i /tmp/trivy.deb

 - name: Run Trivy vulnerability scanner
 id: scan
 run: |
- trivy image --format json docker.asperti.com/paspo/glpi:latest > trivy-results.json
-
- - uses: actions/cache/save@v4
- if: always() # salva in cache anche se trova vulnerabilità
- with:
- path: |
- /root/.cache/trivy
- key: trivy-db
+ trivy --server ${{ secrets.TRIVY_SERVER }} --token ${{ secrets.TRIVY_TOKEN }} image --format json docker.asperti.com/paspo/glpi:latest > trivy-results.json

 # if some vulnerability is found, we fail
 - name: check output
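Review bot: The scan step splices `${{ secrets.TRIVY_SERVER }}` and `${{ secrets.TRIVY_TOKEN }}` straight into the script text, so the token lands unquoted in the generated script and in trivy's argv, where it is readable from the runner's process list, and any shell metacharacter in either value is parsed as shell. Pass both through the step's `env:` instead; Trivy maps its flags to `TRIVY_`-prefixed environment variables, so the two flags can then be dropped from the command line (worth confirming against the 0.58.2 documentation). Separately, in the Setup trivy step the .deb is fetched and handed to `dpkg -i` with no integrity check; comparing it against the checksums file published with the release before installing would cover that. The fallback arm would also be easier to diagnose as `*) echo "unsupported arch: $(uname -m)" >&2; exit 1 ;;`.

```yaml
      - name: Run Trivy vulnerability scanner
        id: scan
        env:
          TRIVY_SERVER: ${{ secrets.TRIVY_SERVER }}
          TRIVY_TOKEN: ${{ secrets.TRIVY_TOKEN }}
        run: |
          trivy image --format json docker.asperti.com/paspo/glpi:latest > trivy-results.json
```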