name: Vulnerability Scan on: schedule: - cron: "0 14 * * *" jobs: scan: name: Daily Vulnerability Scan runs-on: ubuntu-latest steps: - name: Pull docker image run: docker pull docker.asperti.com/paspo/glpi:latest - name: Run Trivy vulnerability scanner id: scan uses: aquasecurity/trivy-action@master with: image-ref: "docker.asperti.com/paspo/glpi:latest" format: "json" output: "trivy-results.json" # if some vulnerability is found, we fail - name: check output run: if [ $(jq '.Results[0].Vulnerabilities|length' trivy-results.json) -ne "0" ] ; then exit 1 ; fi