diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
new file mode 100644
index 0000000..51eec59
--- /dev/null
+++ b/.github/workflows/security-scan.yml
@@ -0,0 +1,21 @@
+name: Security Scan
+
+on:
+  pull_request:
+
+jobs:
+  grype-security-scan:
+    runs-on: ubuntu-latest
+    name: Grype
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+      - name: Security Scan
+        id: grype-scan
+        uses: anchore/scan-action@7037fa011853d5a11690026fb85feee79f4c946c # v7.3.2
+        with:
+          path: "."
+          fail-build: true
+          only-fixed: true
+          severity-cutoff: "high"
+          output-format: "table"
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
deleted file mode 100644
index 65cd388..0000000
--- a/.github/workflows/trivy.yml
+++ /dev/null
@@ -1,19 +0,0 @@
-name: Trivy Scan
-
-on:
-  pull_request:
-
-jobs:
-  trivy-code-security-scan:
-    runs-on: ubuntu-latest
-    name: Trivy
-    steps:
-      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-      - name: Security Scan
-        uses: aquasecurity/trivy-action@dc5a429b52fcf669ce959baa2c2dd26090d2a6c4 # 0.32.0
-        with:
-          scan-type: 'fs'
-          scanners: vuln,secret
-          exit-code: 1
-          ignore-unfixed: true
\ No newline at end of file
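Review bot: The new Grype job covers vulnerability scanning only, so the `scanners: vuln,secret` coverage the removed Trivy workflow provided is silently dropped — Grype does not detect committed secrets, and nothing in this change replaces that check on pull requests. If the secret scan was intentional, keep a dedicated step for it (for example the Trivy action with `scanners: secret`, or another secret scanner) next to the Grype step and call out the coverage change in the PR description. The workflow also has no `permissions:` block, so the job runs with the repository's default GITHUB_TOKEN scope even though it only reads the checkout; add `permissions:` / `  contents: read` at the top level to apply least privilege. Pinning both actions to full commit SHAs is good practice; consider also adding a `schedule:` trigger so CVEs published after a merge are surfaced on the default branch rather than only when a PR happens to be opened.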