Skip to content

Scheduled scan

Scheduled scan #41

name: Scheduled scan
on:
schedule:
- cron: '0 21 * * 0'
jobs:
scan:
runs-on: ubuntu-22.04
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Install yq
run: |
sudo snap install yq
- name: Find version to scan
run: |
image_name="$(yq '.name' rockcraft.yaml)"
echo "image_name=${image_name}" >> $GITHUB_ENV
version="$(yq '.version' rockcraft.yaml)"
echo "version=${version}" >> $GITHUB_ENV
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: "ghcr.io/canonical/${{env.image_name}}:${{env.version}}"
format: 'sarif'
output: 'trivy-results.sarif'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'trivy-results.sarif'