Integrating Trivy Action on Github for Repo Secret Scanning

[shivamneeraj2311]

Is there any way to scan for just the diff in a PR when integrating Trivy for secret scan in a PR, rather than having to scan the entire repo?

Current trivy file: ` name: Secrets Check on: push: branches:

• env/production pull_request: types: [opened, synchronize, reopened] jobs: trivy_scanner: runs-on: ubuntu-20.04 steps:
• name: Setup checkout uses: actions/checkout@v3
• name: Run scan id: trivy-scan uses: aquasecurity/trivy-action@master with: scan-type: 'repo' scan-ref: '.' format: 'table' exit-code: 1 ignore-unfixed: true vuln-type: 'library,os' severity: 'CRITICAL,HIGH,MEDIUM' scanners: secret `

[MPV]

Is this a duplicate of...?

• https://github.com/aquasecurity/trivy-action/issues/151