chores: Add Trivy Scanner GH Workflow (#187)

ykaiboussiSO · web-flow · commit 094ead75c969 · 2025-11-14T09:45:24.000-06:00
* chores: Add Trivy Scanner GH Workflow Closes: BED-6789 * update sha commit trivy gh action * fix the sha * update branch strategy * update branch strategy base main branch
diff --git a/.github/workflows/vuln-scan.yml b/.github/workflows/vuln-scan.yml
@@ -0,0 +1,29 @@
+name: Vulnerability Scan
+
+on:
+  pull_request:
+    branches:
+      - "*.*"
+    types:
+      - opened
+      - synchronize
+
+jobs:
+  run-analysis:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout source code for this repository
+        uses: actions/checkout@v4
+
+      - name: Run vulnerability scanner
+        uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # 0.33.1
+        with:
+          scan-type: "repo"
+          scan-ref: "./"
+          severity: "CRITICAL,HIGH"
+          exit-code: "1"
+          ignore-unfixed: true
+        env:
+          TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
+          TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db
