trivy

Feature/v1.13 versions (#826) #1256

	name: trivy

	on:
	pull_request:
	branches:
	- main
	push:
	branches:
	- main

	concurrency:
	group: ${{ github.workflow }}-${{ github.ref }}
	cancel-in-progress: true

	permissions:
	security-events: write

	jobs:
	scan:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	with:
	fetch-depth: 0
	- name: Run Trivy vulnerability scanner in repo mode
	uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # v0.29.0
	with:
	scan-type: fs
	ignore-unfixed: false
	format: sarif
	output: trivy-results.sarif
	severity: CRITICAL,HIGH,MEDIUM
	scanners: vuln,secret
	exit-code: '0'
	vuln-type: os,library
	env:
	TRIVY_DB_REPOSITORY: 'public.ecr.aws/aquasecurity/trivy-db:2'

	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
	with:
	sarif_file: trivy-results.sarif
	category: code

Provide feedback