diff --git a/README.md b/README.md index f76e694..fc48a04 100644 --- a/README.md +++ b/README.md @@ -34,12 +34,12 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout code - uses: actions/checkout@v2 + uses: actions/checkout@v4 - name: Build an image from Dockerfile run: | docker build -t docker.io/my-organization/my-app:${{ github.sha }} . - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@0.20.0 + uses: aquasecurity/trivy-action@0.24.0 with: image-ref: 'docker.io/my-organization/my-app:${{ github.sha }}' format: 'table' @@ -64,10 +64,10 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Run Trivy vulnerability scanner in fs mode - uses: aquasecurity/trivy-action@0.20.0 + uses: aquasecurity/trivy-action@0.24.0 with: scan-type: 'fs' scan-ref: '.' @@ -109,7 +109,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Generate tarball from image run: | @@ -117,7 +117,7 @@ jobs: docker save -o vuln-image.tar - name: Run Trivy vulnerability scanner in tarball mode - uses: aquasecurity/trivy-action@0.20.0 + uses: aquasecurity/trivy-action@0.24.0 with: input: /github/workspace/vuln-image.tar severity: 'CRITICAL,HIGH' @@ -138,21 +138,21 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Build an image from Dockerfile run: | docker build -t docker.io/my-organization/my-app:${{ github.sha }} . - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@0.20.0 + uses: aquasecurity/trivy-action@0.24.0 with: image-ref: 'docker.io/my-organization/my-app:${{ github.sha }}' format: 'sarif' output: 'trivy-results.sarif' - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: 'trivy-results.sarif' ``` @@ -173,21 +173,21 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Build an image from Dockerfile run: | docker build -t docker.io/my-organization/my-app:${{ github.sha }} . - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@0.20.0 + uses: aquasecurity/trivy-action@0.24.0 with: image-ref: 'docker.io/my-organization/my-app:${{ github.sha }}' format: 'sarif' output: 'trivy-results.sarif' - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 if: always() with: sarif_file: 'trivy-results.sarif' @@ -212,10 +212,10 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Run Trivy vulnerability scanner in repo mode - uses: aquasecurity/trivy-action@0.20.0 + uses: aquasecurity/trivy-action@0.24.0 with: scan-type: 'fs' ignore-unfixed: true @@ -224,7 +224,7 @@ jobs: severity: 'CRITICAL' - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: 'trivy-results.sarif' ``` @@ -246,10 +246,10 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Run Trivy vulnerability scanner with rootfs command - uses: aquasecurity/trivy-action@0.20.0 + uses: aquasecurity/trivy-action@0.24.0 with: scan-type: 'rootfs' scan-ref: 'rootfs-example-binary' @@ -259,7 +259,7 @@ jobs: severity: 'CRITICAL' - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: 'trivy-results.sarif' ``` @@ -281,10 +281,10 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Run Trivy vulnerability scanner in IaC mode - uses: aquasecurity/trivy-action@0.20.0 + uses: aquasecurity/trivy-action@0.24.0 with: scan-type: 'config' hide-progress: true @@ -295,7 +295,7 @@ jobs: severity: 'CRITICAL,HIGH' - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: 'trivy-results.sarif' ``` @@ -325,10 +325,10 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Run Trivy in GitHub SBOM mode and submit results to Dependency Graph - uses: aquasecurity/trivy-action@0.20.0 + uses: aquasecurity/trivy-action@0.24.0 with: scan-type: 'fs' format: 'github' @@ -359,7 +359,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Scan image in a private registry - uses: aquasecurity/trivy-action@0.20.0 + uses: aquasecurity/trivy-action@0.24.0 with: image-ref: "private_image_registry/image_name:image_tag" scan-type: image @@ -399,10 +399,10 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@0.20.0 + uses: aquasecurity/trivy-action@0.24.0 with: image-ref: 'docker.io/my-organization/my-app:${{ github.sha }}' format: 'sarif' @@ -412,7 +412,7 @@ jobs: TRIVY_PASSWORD: Password - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: 'trivy-results.sarif' ``` @@ -435,10 +435,10 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@0.20.0 + uses: aquasecurity/trivy-action@0.24.0 with: image-ref: 'aws_account_id.dkr.ecr.region.amazonaws.com/imageName:${{ github.sha }}' format: 'sarif' @@ -449,7 +449,7 @@ jobs: AWS_DEFAULT_REGION: us-west-2 - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: 'trivy-results.sarif' ``` @@ -471,10 +471,10 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@0.20.0 + uses: aquasecurity/trivy-action@0.24.0 with: image-ref: 'docker.io/my-organization/my-app:${{ github.sha }}' format: 'sarif' @@ -483,7 +483,7 @@ jobs: GOOGLE_APPLICATION_CREDENTIAL: /path/to/credential.json - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: 'trivy-results.sarif' ``` @@ -504,10 +504,10 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@0.20.0 + uses: aquasecurity/trivy-action@0.24.0 with: image-ref: 'docker.io/my-organization/my-app:${{ github.sha }}' format: 'sarif' @@ -517,7 +517,7 @@ jobs: TRIVY_PASSWORD: Password - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: 'trivy-results.sarif' ``` @@ -530,7 +530,7 @@ This step is especially useful for private repositories without [GitHub Advanced ```yaml - name: Run Trivy scanner - uses: aquasecurity/trivy-action@0.20.0 + uses: aquasecurity/trivy-action@0.24.0 with: scan-type: config hide-progress: true