scans: scan repo with Trivy

Wenzel · Wenzel · commit 9b524a0b5d00 · 2025-09-18T05:40:29.000-07:00
diff --git a/.github/workflows/scans.yml b/.github/workflows/scans.yml
@@ -83,11 +83,19 @@ jobs:
           output: main_container_trivy_report.txt
           skip-dirs: /workspace/simics
 
+      - name: Run Trivy vulnerability scanner on repo
+        uses: aquasecurity/trivy-action@f9424c10c36e288d5fa79bd3dfd1aeb2d6eae808 # master
+        with:
+          scan-type: fs
+          output: repo_scan_trivy_report.txt
+
       - name: Upload Trivy Report
         uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
-          path: main_container_trivy_report.txt
-          name: main_container_trivy_report
+          path: |
+            main_container_trivy_report.txt
+            repo_scan_trivy_report.txt
+          name: trivy_report
 
   scan_x86_64_breakpoint_uefi_edk2_container:
     runs-on: ubuntu-latest
