scans: scan repo with Trivy

Wenzel · Wenzel · commit eb5bd13651c7 · 2025-09-18T06:08:35.000-07:00
diff --git a/.github/workflows/scans.yml b/.github/workflows/scans.yml
@@ -52,6 +52,19 @@ jobs:
           /action/lib/linter.sh || ( echo "❗ [CT222] Super linter found an issue (possibly Hadolint)" && exit 1 )
           echo "✅ [CT222] Hadolint Dockerfile check passed"
 
+      - name: Run Trivy vulnerability scanner on repo
+        uses: aquasecurity/trivy-action@f9424c10c36e288d5fa79bd3dfd1aeb2d6eae808 # master
+        with:
+          scan-type: config
+          scan-ref: .
+          output: repo_scan_trivy_report.txt
+
+      - name: Upload Trivy Report
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        with:
+          path: repo_scan_trivy_report.txt
+          name: trivy_repo_report
+
   scan_main_container:
     runs-on: ubuntu-latest
     steps:
@@ -87,7 +100,7 @@ jobs:
         uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
           path: main_container_trivy_report.txt
-          name: main_container_trivy_report
+          name: trivy_container_report
 
   scan_x86_64_breakpoint_uefi_edk2_container:
     runs-on: ubuntu-latest
