name: Vulnerability Scan on: schedule: - cron: '0 14 * * *' jobs: scan: name: Daily Vulnerability Scan runs-on: ubuntu-latest steps: - name: Pull docker image run: docker pull docker.asperti.com/paspo/glpi:latest - name: Run Trivy vulnerability scanner id: scan uses: aquasecurity/trivy-action@master with: image-ref: 'docker.asperti.com/paspo/glpi:latest' format: 'json' output: 'trivy-results.json' - name: check output run: if [ $(jq '.Results[0].Vulnerabilities|length' trivy-results.json) -ne "0" ] ; then exit 1 ; fi