From b8c0dd4cb805def9d0775b5146bbce30521e9ff7 Mon Sep 17 00:00:00 2001
From: Mohamed Chiheb Ben Jemaa
Date: Mon, 16 Dec 2024 12:43:49 +0100
Subject: [PATCH] Scan container images with Trivy

---
 .github/workflows/container-image.yaml | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/container-image.yaml b/.github/workflows/container-image.yaml
index a630a5b6..4f05c952 100644
--- a/.github/workflows/container-image.yaml
+++ b/.github/workflows/container-image.yaml
@@ -47,15 +47,17 @@ jobs:
 uses: docker/build-push-action@v6
 with:
 context: .
+ load: ${{ github.event_name == 'pull_request' }}
 push: ${{ github.event_name != 'pull_request' }}
 tags: ${{ steps.meta.outputs.tags }}
 labels: ${{ steps.meta.outputs.labels }}
 - name: Scan image
 if: github.event_name == 'pull_request'
- uses: anchore/scan-action@v5
+ uses: aquasecurity/trivy-action@0.29.0
 id: scan
 with:
- image: ${{ steps.meta.outputs.tags }}
- add-cpes-if-none: true
- output-format: table
+ scan-ref: ${{ steps.meta.outputs.tags }}
+ exit-code: '1'
+ ignore-unfixed: true
+ severity: 'HIGH,CRITICAL'
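Review bot: `uses: aquasecurity/trivy-action@0.29.0` pins the new scan step to a mutable release tag, so the gate that blocks PRs on HIGH/CRITICAL findings is only as trustworthy as whoever can move that tag; pin to the release's full commit SHA and keep the version in a comment, e.g. `uses: aquasecurity/trivy-action@<commit-sha-of-0.29.0> # 0.29.0`. `ignore-unfixed: true` silently drops HIGH/CRITICAL findings that have no vendor fix yet, which is a defensible choice for a PR gate but should be stated next to the line, e.g. `# unfixed findings are suppressed so the gate only fails on actionable CVEs`. `scan-ref: ${{ steps.meta.outputs.tags }}` inherits the old step's assumption that the metadata output is a single reference; if the `meta` step (configured before the hunk) emits several tags, that output is newline-separated and Trivy would receive all of them as one target, so confirm the tag list or select one tag explicitly. The `if: github.event_name == 'pull_request'` context line means images that are actually pushed on non-PR events are never scanned by this step; that is pre-existing, but switching to a failing `exit-code: '1'` gate is the moment to document that the push path is unscanned. The enclosing build job starts before the hunk.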