fix: remove rule pkcs12-file (#333) #681
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Trivy-scan | |
| on: | |
| push: | |
| workflow_dispatch: | |
| pull_request: | |
| branches: | |
| - master | |
| schedule: | |
| - cron: '5 6 * * *' # Runs every day at 06:05 UTC | |
| jobs: | |
| trivy-scan: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout Source | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| - name: Build and load (not push) | |
| uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 | |
| with: | |
| load: true | |
| context: . | |
| file: ./Dockerfile | |
| platforms: linux/amd64 | |
| push: false | |
| tags: checkmarx/2ms:scanme | |
| - name: Run Trivy Scan | |
| uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # v0.28.0 | |
| with: | |
| image-ref: checkmarx/2ms:scanme | |
| vuln-type: os,library | |
| format: table | |
| ignore-unfixed: true | |
| severity: CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN | |
| trivy-config: trivy.yaml | |
| exit-code: '1' | |
| env: | |
| TRIVY_SKIP_DB_UPDATE: true | |
| TRIVY_SKIP_JAVA_DB_UPDATE: true |