Skip to content

Security

Security #29

name: Security
on:
workflow_call:
schedule:
# Weekly on Monday at 00:00 UTC
- cron: 0 0 * * 1
jobs:
terraform-scan:
name: Terraform
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Scan
uses: aquasecurity/[email protected]
with:
exit-code: 1
scan-ref: "infra/terraform"
scan-type: "config"
format: "sarif"
output: "trivy-results.sarif"
severity: "CRITICAL"
limit-severities-for-sarif: true
version: "v0.54.1"
env:
TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db:1
- name: Upload Results to GitHub Code Scanning
if: ${{ always() }}
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: "trivy-results.sarif"