CI - push trivy report for postgres to security tab

MTES-MCT · Dec 29, 2023 · c50c3cb · c50c3cb
1 parent bff1229
commit c50c3cb
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 4 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -1,8 +1,8 @@
 name: "Release"
 
 on:
-  push:
-    branches: [ "main" ]
+  #  push:
+  #    branches: [ "main" ]
   release:
     types: [ published ]
 

diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -68,15 +68,15 @@ jobs:
             ENV_PROFILE=${{ env.ENV_PROFILE }}
             GITHUB_SHA=${{ github.sha }}
 
-      - name: Run Trivy vulnerability scanner
+      - name: Run Trivy on Docker build
         uses: aquasecurity/trivy-action@master
         with:
           image-ref: "ghcr.io/mtes-mct/rapportnav2/rapportnav-app:${{ github.sha }}"
           format: sarif
           output: "trivy-results.sarif"
           severity: "CRITICAL,HIGH"
 
-      - name: Run Trivy on Postgres
+      - name: Run Trivy on Postgres image
         uses: aquasecurity/trivy-action@master
         with:
           image-ref: "postgres:15.5-alpine"
@@ -88,3 +88,8 @@ jobs:
         uses: github/codeql-action/upload-sarif@v2
         with:
           sarif_file: "trivy-results.sarif"
+
+      - name: Upload Postgres Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: "postgres-trivy-results.sarif"