ci: update vulnerability check to use Trivy scan
Some checks failed
CI/CD Pipeline / Quick Checks (pull_request) Successful in 20s
CI/CD Pipeline / ESLint (pull_request) Successful in 11s
CI/CD Pipeline / Build Application (pull_request) Has been cancelled
CI/CD Pipeline / Security Audit (pull_request) Has been cancelled
CI/CD Pipeline / Test & Coverage (pull_request) Has been cancelled
@ -198,8 +198,10 @@ jobs:
|
|||||||
- name: Install dependencies (if cache miss)
|
- name: Install dependencies (if cache miss)
|
||||||
run: bun install --frozen-lockfile
|
run: bun install --frozen-lockfile
|
||||||
|
|
||||||
- name: Run security audit
|
- name: Run Trivy vulnerability scan
|
||||||
run: bun audit --audit-level moderate
|
uses: aquasecurity/trivy-action@master
|
||||||
|
with:
|
||||||
- name: Run dependency vulnerability check
|
scan-type: 'fs'
|
||||||
run: bunx audit-ci --moderate --report-type summary
|
scan-ref: '.'
|
||||||
|
format: 'sarif'
|
||||||
|
output: 'trivy-results.sarif'
|
||||||
|
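Review bot: `uses: aquasecurity/trivy-action@master` pins the scanner to a moving branch, so the code this job executes can change underneath any run without a change to this repository; pin it to a release tag or, better, a full commit SHA (`uses: aquasecurity/trivy-action@<release-tag-or-commit-sha>`) and bump it deliberately. Within this hunk the scan also stops gating the job: the removed `run: bun audit --audit-level moderate` and `run: bunx audit-ci --moderate --report-type summary` steps failed on moderate-or-worse findings, while the new step only writes `output: 'trivy-results.sarif'` and sets no `exit-code` or `severity` input, so unless `exit-code` is set the step passes regardless of what is found, and nothing in this hunk consumes the SARIF file. Add `exit-code: '1'` together with a `severity` list (include `MEDIUM` to keep parity with the old moderate threshold) and an upload or artifact step for the SARIF output, or state in the commit message where that happens.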