chore: run trivy image scanner

egose · Oct 23, 2024 · 0b2a969 · 0b2a969
1 parent e2add31
commit 0b2a969
Showing 1 changed file with 2 additions and 22 deletions.
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
@@ -26,7 +26,7 @@ jobs:
       uses: ./.github/actions/setup-tools
 
     - name: Build and Push
-      uses: egose/actions/docker-build-push@a18ce5484959fe604bf4c29726334e54933d1ba9
+      uses: egose/actions/docker-build-push@04925c12e8e754a7951ebc1f20f7762595011d5d
       with:
         registry-url: ${{ env.DOCKER_REGISTRY }}
         registry-username: ${{ github.actor }}
@@ -36,24 +36,4 @@ jobs:
           type=semver,pattern={{version}}
           type=semver,pattern={{major}}.{{minor}}
           type=semver,pattern={{major}}
-
-    - name: Run Snyk to check Docker image for vulnerabilities
-      continue-on-error: true
-      uses: snyk/actions/docker@cdb760004ba9ea4d525f2e043745dfe85bb9077e
-      env:
-        SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-      with:
-        image: ${{ env.DOCKER_REGISTRY }}/${{ env.IMAGE_NAME }}
-        args: --file=Dockerfile
-
-    - name: Upload result to GitHub Code Scanning
-      uses: github/codeql-action/upload-sarif@v3
-      with:
-        sarif_file: snyk.sarif
-
-    - name: Upload result to Artifact
-      uses: actions/upload-artifact@v4
-      with:
-        name: snyk.sarif
-        path: snyk.sarif
-        retention-days: 7
+        trivy: true