name: Scan on: schedule: # Scan the image regularly (once a day) - cron: '0 23 * * *' jobs: scan: name: Scan current image & report results runs-on: "ubuntu-latest" steps: - name: Checkout code uses: actions/checkout@v2 - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: image-ref: 'ghcr.io/tommytran732/matrix.to' format: 'template' template: '@/contrib/sarif.tpl' output: 'trivy-results.sarif' severity: 'CRITICAL,HIGH' vuln-type: "os" - name: Upload Trivy scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v2 with: sarif_file: 'trivy-results.sarif'