
v1.0.7

@celanthe celanthe released this 24 Aug 16:22
5cc3fbc

🥇 What’s New:

Improved Security Vulnerability Scanning Options

🔒 This release introduces the ability to upload the results of a Trivy vulnerability scan contained in a Sarif file to the GitHub Security tab.

The Trivy Security Scanning option was released in v1.0.6 of the Action. It can optionally be run, via a Bash script, during the release process contained in this action. When enabled, Trivy scans container images, file systems, and Git repositories for security vulnerabilities, as well as for configuration issues. To enable the scanner, set the vulnerability-scan input to true.

Note -- If no vulnerabilities are found, or only UNKNOWN, LOW, or MEDIUM vulnerabilities are found, the action completes with exit code 0. If a HIGH or CRITICAL vulnerability is found, the release deployment fails with exit code 1. The scan results are written, using the sarif.tpl template, to a file named trivy-results.sarif.

As mentioned above, with this release those results are also uploaded to the Security tab of your repository.
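The wiring described above (scan with Trivy, write a SARIF report via the sarif.tpl template, upload it to the Security tab, and fail only on HIGH or CRITICAL findings) as a stand-alone GitHub Actions workflow. This is an added example, not this Action's own script or workflow; it uses the public aquasecurity/trivy-action and github/codeql-action/upload-sarif actions, and the job and step names, branch name, and the two-pass scan layout are my own choices.

```yaml
name: Trivy scan and SARIF upload (added example, not the project's workflow)

on:
  push:
    branches: [main]
  pull_request:

# upload-sarif needs security-events: write to publish results to the Security tab
permissions:
  contents: read
  security-events: write

jobs:
  trivy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      # Pass 1: report every severity (UNKNOWN..CRITICAL) into a SARIF file.
      # exit-code 0 so this step never fails the job; it only produces the report.
      - name: Trivy filesystem scan (SARIF report, all severities)
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'fs'
          scan-ref: '.'
          format: 'template'
          template: '@/contrib/sarif.tpl'   # sarif.tpl shipped in the Trivy image
          output: 'trivy-results.sarif'
          exit-code: '0'

      # Publish the report before gating, so findings reach the Security tab
      # even when the job is failed by the gating step below.
      - name: Upload Trivy SARIF to the Security tab
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: 'trivy-results.sarif'

      # Pass 2: gate the release. Only HIGH and CRITICAL are selected, and
      # exit-code 1 fails the job when any of them is present.
      - name: Trivy gate (fail on HIGH/CRITICAL)
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'fs'
          scan-ref: '.'
          format: 'table'
          severity: 'CRITICAL,HIGH'
          exit-code: '1'
```

Two notes on the design: the upload step is placed before the gating step so the report is published regardless of the gate's outcome (the alternative is a single scan step followed by an upload step with `if: always()`), and code scanning uploads are accepted for public repositories out of the box but require GitHub Advanced Security on private repositories, so the upload step will be rejected there without it.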

🕐 What's Next

Evaluating #2
Evaluating #5

If you'd like to contribute to the above issues, pull requests are welcome and appreciated! :)

Huge thanks to @Langleu for his impeccable work pair programming with @celanthe to make this release possible! 🚀 🎉