1 changed files with 8 additions and 9 deletions
--- a/.gitea/workflows/build_push.yml
+++ b/.gitea/workflows/build_push.yml
@ -45,15 +45,14 @@ jobs:
            git.aridgwayweb.com/armistace/blog:latest
      - name: Trivy Scan
-        run: |
+        uses: aquasecurity/trivy-action@master
-          echo "Installing Trivy
+        with:
-          sudo apt-get update
+          image-ref: ${{ vars.DOCKER_SERVER }}/${{ vars.DOCKER_USERNAME }}/blog:latest
-          sudo apt-get install wget apt-transport-https gnupg lsb-release
+          format: table
-          wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
+          exit-code: 1
-          echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
+          ignore-unfixed: true
-          sudo apt-get update
+          vuln-type: os,library
-          sudo apt-get install trivy
+          severity: HIGH,CRITICAL
          trivy image --format table --exit-code 1 --ignore-unfixed --vuln-type os,library --severity HIGH,CRITICAL git.aridgwayweb.com/armistace/blog:latest
      - name: Deploy
        run: |