custom minimal trivy action
Astounds 23d9697bfe fix: support "latest" as version resolving via GitHub API
Resolve "latest" to the concrete release tag via GitHub API before
validation, then proceed with the full Cosign/Sigstore + SHA-256
verification chain. Falls back safely if API fails.
2026-05-17 17:54:31 -05:00

Trivy Image Scan

Description

Trivy Image Scan is a GitHub Action that scans Docker images for vulnerabilities using Trivy. It runs inside CI/CD workflows so that an image is scanned before it is deployed.

Example Usage

Here is a complete example of how to use this action in a GitHub Actions workflow:

# .github/workflows/trivy.yml

name: Docker Image Security Scan

on:
  push:
    branches:
      - main

jobs:
  trivy-scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Run Trivy scan
        uses: astounds/trivy-action@v1
        with:
          image: 'your-docker-image:latest'
          db-repository: 'ghcr.io/aquasecurity/trivy-db:2'
          java-db-repository: 'ghcr.io/aquasecurity/trivy-java-db:1'
          severity: 'CRITICAL,HIGH'
          pkg-types: 'os'
          format: 'table'
          exit-code: '1'
          version: 'v0.70.0' # e.g. latest, v0.57.1
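The `version` input accepts `latest`, which the entrypoint resolves to a concrete release tag through the GitHub API and then verifies via Cosign/Sigstore and SHA-256 before installing. The shell below is an added illustration of that resolve, validate and checksum-verify flow, not the action's own entrypoint.sh; the function names, the pinned fallback tag used when the API is unreachable, and the `sha256sum`-style checksums file format are assumptions, and the Cosign step is not shown.

```shell
# Added example, not the action's own entrypoint.sh: resolve the "version"
# input to a concrete Trivy tag and verify a download against its SHA-256
# checksum file. Pinned fallback and artifact naming are assumptions.
set -eu

GITHUB_API_URL="${GITHUB_API_URL:-https://api.github.com}"
TRIVY_REPO="aquasecurity/trivy"
FALLBACK_VERSION="${FALLBACK_VERSION:-v0.70.0}"  # known-good tag if the API is unreachable

# Print the "tag_name" field of a GitHub release JSON document read from stdin.
tag_from_release_json() {
  tr -d '\n' | sed -n 's/.*"tag_name"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Only a strict vX.Y.Z tag may ever be interpolated into a download URL.
is_valid_tag() { printf '%s\n' "$1" | grep -Eq '^v[0-9]+\.[0-9]+\.[0-9]+$'; }

# resolve_version VERSION [RELEASE_JSON]: "latest" is resolved via the GitHub
# API (or the JSON given as $2, so it runs offline); anything else must
# already be a well-formed tag.
resolve_version() {
  version="$1"
  if [ "$version" != "latest" ]; then
    is_valid_tag "$version" || return 1
    printf '%s\n' "$version"
    return 0
  fi
  if [ $# -ge 2 ]; then json="$2"; else
    json="$(curl -fsSL "$GITHUB_API_URL/repos/$TRIVY_REPO/releases/latest" 2>/dev/null || true)"
  fi
  tag="$(printf '%s' "$json" | tag_from_release_json)"
  if is_valid_tag "$tag"; then printf '%s\n' "$tag"; else
    printf '%s\n' "$FALLBACK_VERSION"  # never pass an unvalidated API reply downstream
  fi
}

# Hex SHA-256 digest of a file (sha256sum on Linux, shasum elsewhere).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"; else shasum -a 256 "$1"; fi | awk '{print $1}'
}

# verify_sha256 FILE CHECKSUMS_FILE: succeeds only when FILE's digest equals
# the entry for its basename in the release checksums file.
verify_sha256() {
  name="$(basename "$1")"
  expected="$(awk -v f="$name" '$2 == f || $2 == "*" f { print $1; exit }' "$2")"
  [ -n "$expected" ] && [ "$expected" = "$(sha256_of "$1")" ]
}
```

A malformed or spoofed API reply can therefore never reach the download step: it either fails tag validation and falls back to the pinned tag, or the archive it points at fails the checksum comparison.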