-
We set a `Github Code Scanning` workflow according to this:
```
name: build
on:
  push:
    branches:
      - master
  pull_request:
jobs:
  build:
    name: Build
    runs-on: ubuntu-20.…
```
-
**What steps did you take and what happened:**
After sending an SBOM request to /api/v1/scan
and the subsequent request to retrieve the SBOM
`GET /api/v1/scan/{scan_request_id}/report?sbom_media_typ…`
-
Hi Guys,
Getting an error while using this action.
![Screenshot 2022-02-03 111658](https://user-images.githubusercontent.com/89420993/152382722-0aad7b83-2115-4612-a8d1-600a07ed6eca.jpg)
loo…
-
**Expected behavior and actual behavior:**
When I look at a Trivy Scan Report in Harbor, I cannot see in which files the respective vulnerabilities were found. This looks different with a local scan.…
-
It would be nice to have some sort of security scanning functionality in CI to try to catch any security problems.
## SCA / Dependency scanning
- Snyk? (sketchy PNPM support?)
- [OWASP Dependen…
-
## Description
When scanning the Nebraska repo we're seeing a lot of vulnerabilities.
## Impact
Several critical vulnerabilities that - *if used by Nebraska* - could potentially make Nebraska …
-
I have the following set in my workflow:
```
uses: aquasecurity/trivy-action@master
with:
  image-ref: '${{ env.image_name }}:${{ env.TAG_NAME }}'
  exit: '1'
  …
```
-
Add trivy via GitHub Actions in order to scan containers for vulnerabilities.
-
5m 54s
Run aquasecurity/trivy-action@master
/usr/bin/docker run --name b13f7f19b01049459adafcf68a011f09_bd626f…
-
Currently the Trivy client itself downloads the Java DB if a Java package is detected, regardless of whether it's configured to use a central server (client / server mode).
It would be great if the server is…