[CI] Add Trivy vulnerables check

Signed-off-by: v.oleynikov <[email protected]>
deckhouse · Aug 19, 2024 · ad306bb · ad306bb
1 parent 738ee1c
commit ad306bb
Showing 1 changed file with 23 additions and 0 deletions.
diff --git a/.github/workflows/trivy_check.yaml b/.github/workflows/trivy_check.yaml
@@ -0,0 +1,23 @@
+name: Trivy check for sub repos
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+
+jobs:
+  test:
+    name: Go linter for images
+    runs-on: [self-hosted, regular]
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Set up Trivy
+        uses: aquasecurity/trivy-action@master
+
+      - name: Run Trivy filesystem scan
+        run: |
+          trivy fs .