2024-11-24 17:51:33 -05:00
1 changed files with 11 additions and 11 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -19,7 +19,7 @@ env:
 jobs:
  build:
    name: Build & push new image
-    runs-on: ubuntu-24.04
+    runs-on: "ubuntu-latest"
    permissions:
      contents: read
      packages: write
@ -79,36 +79,36 @@ jobs:
    needs: build
    permissions:
      security-events: write
-    runs-on: ubuntu-24.04
+    runs-on: "ubuntu-latest"
    steps:
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
-          image-ref: ghcr.io/tommytran732/synapse
-          format: template
+          image-ref: 'ghcr.io/tommytran732/synapse'
+          format: 'template'
          template: '@/contrib/sarif.tpl'
-          output: trivy-results.sarif
-          severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
-          vuln-type: os,library
+          output: 'trivy-results.sarif'
+          severity: 'UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL'
+          vuln-type: "os,library"

      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v3
        with:
-          sarif_file: trivy-results.sarif
-          category: trivy
+          sarif_file: 'trivy-results.sarif'
+          category: 'trivy'

  grype:
    name: Scan current image with Grype
    needs: build
    permissions:
      security-events: write
-    runs-on: ubuntu-24.04
+    runs-on: "ubuntu-latest"
    steps:
      - name: Run Grype vulnerability scanner
        uses: anchore/scan-action@v4
        id: grype
        with:
-          image: ghcr.io/tommytran732/synapse
+          image: "ghcr.io/tommytran732/synapse"
          fail-build: false

      - name: Upload Grype scan results to GitHub Security tab