Chore(CI) -

tarlepp · tarlepp · commit 89edd3ab443d · 2024-08-29T19:34:10.000+03:00
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -360,3 +360,13 @@ jobs:
 
       - name: Build the Docker image
         run: docker build . --file Dockerfile --tag symfony-flex-backend:${{ steps.vars.outputs.DOCKER_TAG }}
+
+      - name: Scan Docker image with Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@0.24.0
+        with:
+          image-ref: 'symfony-flex-backend:${{ steps.vars.outputs.DOCKER_TAG }}'
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'
