From f9352a337718e6e31b4acdbebbf48ee16d22e7df Mon Sep 17 00:00:00 2001
From: "Filip.mihajlovski" <89919332+Filip3mac@users.noreply.github.com>
Date: Fri, 12 Jan 2024 14:14:10 +0100
Subject: [PATCH 1/5] Added trivy.yml
---
 .github/workflows/trivy.yml | 48 +++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)
 create mode 100644 .github/workflows/trivy.yml
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
new file mode 100644
index 0000000..6b22d2a
--- /dev/null
+++ b/.github/workflows/trivy.yml
@@ -0,0 +1,48 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+name: trivy
+
+on:
+ push:
+ branches: [ "master" ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ "master" ]
+ schedule:
+ - cron: '28 3 * * 5'
+
+permissions:
+ contents: read
+
+jobs:
+ build:
+ permissions:
+ contents: read # for actions/checkout to fetch code
+ security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+ actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+ name: Build
+ runs-on: "ubuntu-20.04"
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+
+ - name: Build an image from Dockerfile
+ run: |
+ docker build -t docker.io/my-organization/my-app:${{ github.sha }} .
+
+ - name: Run Trivy vulnerability scanner
+ uses: aquasecurity/trivy-action@7b7aa264d83dc58691451798b4d117d53d21edfe
+ with:
+ image-ref: 'docker.io/my-organization/my-app:${{ github.sha }}'
+ format: 'template'
+ template: '@/contrib/sarif.tpl'
+ output: 'trivy-results.sarif'
+ severity: 'CRITICAL,HIGH'
+
+ - name: Upload Trivy scan results to GitHub Security tab
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: 'trivy-results.sarif'
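Review bot: The two GitHub-owned actions in the new steps, `uses: actions/checkout@v3` and `uses: github/codeql-action/upload-sarif@v2`, are referenced by mutable major-version tags while `aquasecurity/trivy-action` in the same job is pinned to a full commit SHA; a tag can be moved after the fact, so the job's supply-chain posture is only as strong as its weakest reference. Pinning all three the same way — a full commit SHA with the tag in a trailing comment, as the trivy-action line already does — keeps the workflow consistent with itself and makes later bumps auditable. The image name `docker.io/my-organization/my-app` in the build step and in `image-ref` reads as the starter-template placeholder and needs replacing with the repository's real image before the scan produces anything meaningful. The top-level `permissions: contents: read` with a per-job `security-events: write` override is the right shape and worth preserving as further jobs are added.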
From aa6418f0224e22de7e65ac68cc9e6c04467a6874 Mon Sep 17 00:00:00 2001
From: "filip.mihajlovski"
Date: Fri, 12 Jan 2024 14:30:39 +0100
Subject: [PATCH 2/5] removed docker mode from trivy
---
 .github/workflows/trivy.yml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index 6b22d2a..40f7b26 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -3,6 +3,7 @@
 # separate terms of service, privacy policy, and support
 # documentation.
 
+
 name: trivy
 
 on:
@@ -29,14 +30,14 @@ jobs:
 - name: Checkout code
 uses: actions/checkout@v3
 
- - name: Build an image from Dockerfile
- run: |
- docker build -t docker.io/my-organization/my-app:${{ github.sha }} .
+ # - name: Build an image from Dockerfile
+ # run: |
+ # docker build -t docker.io/my-organization/my-app:${{ github.sha }} .
 
 - name: Run Trivy vulnerability scanner
 uses: aquasecurity/trivy-action@7b7aa264d83dc58691451798b4d117d53d21edfe
 with:
- image-ref: 'docker.io/my-organization/my-app:${{ github.sha }}'
+ # image-ref: 'docker.io/my-organization/my-app:${{ github.sha }}'
 format: 'template'
 template: '@/contrib/sarif.tpl'
 output: 'trivy-results.sarif'
From d056ddc3abd246ef14803391fe028fd7013e8684 Mon Sep 17 00:00:00 2001
From: "filip.mihajlovski"
Date: Fri, 12 Jan 2024 14:44:48 +0100
Subject: [PATCH 3/5] changed trivy config
---
 .github/workflows/trivy.yml | 47 ++++++++++++++++++++++---------------
 1 file changed, 28 insertions(+), 19 deletions(-)
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index 40f7b26..76023a0 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
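Review bot: Commenting out `image-ref` in the second hunk leaves the Trivy step with no scan target while its scan type is still the action's default image scan, so as far as I can tell the step will fail at runtime rather than scan anything; if the intent is to scan the repository itself, set `scan-type: 'config'` (or `'fs'`) and `scan-ref: '.'` explicitly rather than only dropping the image reference. The build step and the `image-ref` line are commented out instead of deleted; git already keeps the history, and dead configuration left in the workflow makes it harder to see what actually runs, so removing those lines outright is preferable. The first hunk adds a second blank line after the header comment, which is cosmetic and could be dropped.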
@@ -19,31 +19,40 @@ permissions:
 contents: read
 
 jobs:
- build:
+ chart-test:
 permissions:
- contents: read # for actions/checkout to fetch code
- security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
- actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
- name: Build
- runs-on: "ubuntu-20.04"
+ contents: read # for actions/checkout to fetch code
+ security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+ actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+ runs-on: ubuntu-latest
 steps:
- - name: Checkout code
- uses: actions/checkout@v3
+ - name: Checkout
+ uses: actions/checkout@master
+ with:
+ fetch-depth: 0
+
+ - name: Set up Helm
+ uses: azure/setup-helm@f382f75448129b3be48f8121b9857be18d815a82 # tag=v3.4
+ with:
+ version: v3.6.3
 
- # - name: Build an image from Dockerfile
- # run: |
- # docker build -t docker.io/my-organization/my-app:${{ github.sha }} .
+ - name: Set up python
+ uses: actions/setup-python@13ae5bb136fac2878aff31522b9efb785519f984 # tag=v4.3.0
+ with:
+ python-version: 3.7
 
- - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@7b7aa264d83dc58691451798b4d117d53d21edfe
+ - name: Run Trivy vulnerability scanner in IaC mode
+ uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5 # tag=0.8.0
 with:
- # image-ref: 'docker.io/my-organization/my-app:${{ github.sha }}'
- format: 'template'
- template: '@/contrib/sarif.tpl'
+ scan-type: 'config'
+ hide-progress: false
+ format: 'sarif'
+ scan-ref: '.'
 output: 'trivy-results.sarif'
- severity: 'CRITICAL,HIGH'
+ exit-code: '1'
+ ignore-unfixed: true
 
 - name: Upload Trivy scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@312e093a1892bd801f026f1090904ee8e460b9b6 # v2.1.34
 with:
- sarif_file: 'trivy-results.sarif'
+ sarif_file: 'trivy-results.sarif'
\ No newline at end of file
From bf4f68924c6968f9ff279d632ff3426a946a0e55 Mon Sep 17 00:00:00 2001
From: "filip.mihajlovski"
Date: Fri, 12 Jan 2024 14:47:01 +0100
Subject: [PATCH 4/5] removed exit status
---
 .github/workflows/trivy.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index 76023a0..6004b02 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -49,7 +49,6 @@ jobs:
 format: 'sarif'
 scan-ref: '.'
 output: 'trivy-results.sarif'
- exit-code: '1'
 ignore-unfixed: true
 
 - name: Upload Trivy scan results to GitHub Security tab
From 2ca9c911a4f7048c3f9139c31405be9e1e96d5aa Mon Sep 17 00:00:00 2001
From: "filip.mihajlovski"
Date: Fri, 12 Jan 2024 14:52:59 +0100
Subject: [PATCH 5/5] updated trivy version
---
 .github/workflows/trivy.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index 6004b02..32a7585 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -42,7 +42,7 @@ jobs:
 python-version: 3.7
 
 - name: Run Trivy vulnerability scanner in IaC mode
- uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5 # tag=0.8.0
+ uses: aquasecurity/trivy-action@0.16.1
 with:
 scan-type: 'config'
 hide-progress: false
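Review bot: `uses: actions/checkout@master` references a moving branch, so every run fetches whatever that branch points to at the time, while the other actions in this hunk (`azure/setup-helm`, `actions/setup-python`, `aquasecurity/trivy-action`, `upload-sarif`) are pinned to full commit SHAs with the tag noted in a comment; checkout should be pinned the same way, e.g. `uses: actions/checkout@<full commit SHA> # <tag>` (placeholder — fill in from the release you intend). With `exit-code: '1'` the Trivy step fails the job whenever findings exist, which skips the following `Upload Trivy scan results` step, so the SARIF never reaches the Security tab precisely when there is something to report; adding `if: always()` to the upload step lets the job fail while still publishing results. The Helm and Python setup steps are not consumed by any step in this hunk, and `fetch-depth: 0` pulls full history that a `scan-type: 'config'` scan of `.` does not appear to need — presumably leftovers from a chart-testing template, worth confirming. `python-version: 3.7` is an unquoted float; quoting it as `'3.7'` avoids the `3.10` → `3.1` trap if it is ever bumped. The top-level `permissions:` mapping that this hunk's first context line belongs to starts before the hunk.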
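Review bot: `uses: aquasecurity/trivy-action@0.16.1` replaces a full-commit-SHA pin annotated with its tag by a bare release tag; tags are mutable, so this gives up the immutability the previous line had, and it no longer matches the pin style used for `setup-helm`, `setup-python` and `upload-sarif` elsewhere in the file. Keep the version bump but express it as `uses: aquasecurity/trivy-action@<commit SHA of the 0.16.1 release> # 0.16.1` (placeholder — resolve the SHA from the release). The Trivy step's `with:` block continues past the end of the hunk.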