diff --git a/.gitea/workflows/vulnscan.yaml b/.gitea/workflows/vulnscan.yaml
index 0fd84af..22e77ba 100644
--- a/.gitea/workflows/vulnscan.yaml
+++ b/.gitea/workflows/vulnscan.yaml
@@ -1,3 +1,4 @@
+---
 name: Vulnerability Scan
 on:
@@ -14,15 +15,30 @@ jobs:
     steps:
       - name: Pull docker image
-        run: docker pull docker.asperti.com/${{ github.repository_owner }}/hugo:latest
+        run: docker pull docker.asperti.com/paspo/hugo:latest
+
+      - uses: actions/cache/restore@v4
+        with:
+          path: |
+            /root/.cache/trivy
+          key: trivy-db
+
+      - name: Setup trivy
+        run: |
+          wget -O /tmp/trivy.deb https://github.com/aquasecurity/trivy/releases/download/v0.57.1/trivy_0.57.1_Linux-64bit.deb
+          dpkg -i /tmp/trivy.deb
       - name: Run Trivy vulnerability scanner
         id: scan
-        uses: aquasecurity/trivy-action@master
+        run: |
+          trivy image --format json docker.asperti.com/paspo/hugo:latest > trivy-results.json
+
+      - uses: actions/cache/save@v4
+        if: always() # salva in cache anche se trova vulnerabilità
         with:
-          image-ref: "docker.asperti.com/${{ github.repository_owner }}/hugo:latest"
-          format: "json"
-          output: "trivy-results.json"
+          path: |
+            /root/.cache/trivy
+          key: trivy-db
       # if some vulnerability is found, we fail
       - name: check output
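Review bot: The new "Setup trivy" step installs an unverified download as root: `wget` fetches the .deb and `dpkg -i` installs it with no checksum or signature check, so a tampered release asset or a redirected download would run on the runner before the scan even starts. Trivy's GitHub releases ship a checksums file per version, so pin the expected digest and verify it between the two lines, e.g. `echo "<EXPECTED_SHA256>  /tmp/trivy.deb" | sha256sum -c -` (placeholder to be filled from the v0.57.1 release checksums). The cache steps use the constant key `trivy-db` for both restore and save, and actions/cache/save skips a key that already exists (at least on the upstream action), so after the first run the vulnerability DB in the cache is never refreshed and every later scan starts from an increasingly stale database; a run-specific key with a prefix fallback, `key: trivy-db-${{ github.run_id }}` on both steps plus `restore-keys: trivy-db-` on the restore step, keeps the latest DB cached. The inline comment on the save step is in Italian; `# save to cache even when vulnerabilities are found` keeps the file in one language. The "check output" step's body continues outside the hunk.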