.github/workflows/vulnerability-scan.yml from tarlepp/symfony-flex-backend

.github/workflows/vulnerability-scan.yml

Summary

Maintainability

Test Coverage

Issues
Source
Stats

Issues

# GitHub Actions docs
# https://help.github.com/en/articles/about-github-actions
# https://help.github.com/en/articles/workflow-syntax-for-github-actions
name: Vulnerability Scan
on:
  schedule:
    - cron: '0 12 * * *'
  workflow_dispatch:

jobs:
  scan:
    name: Scan docker image with Trivy
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Build the Docker image
        run: docker build . --file Dockerfile --tag symfony-flex-backend:master

      - name: Scan image with Trivy
        uses: lazy-actions/gitrivy@v3
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          image: symfony-flex-backend:master
          ignore-unfixed: true