Aktivere trivy-action

[arnfinn]

For å finne sårbarheter.

Følgende ble brukt på base-r:

name: Vulnerability by trivy
on:
  push:
    branches: [ "main" ]
  pull_request:
    branches: [ "main" ]
  schedule:
    - cron: '0 21 * * 1' # run every Monday at 21

jobs:
  build:
    name: Build
    runs-on: ubuntu-latest
    env:
      IMAGE_NAME: ${{ github.repository }}
    steps:
    - name: Downcase repository name for image
      run: |
        echo "IMAGE_NAME=${IMAGE_NAME,,}" >> ${GITHUB_ENV}
    
    - name: Checkout code
      uses: actions/checkout@v3
    
    - name: Build image from Dockerfile
      run: |
        docker build -t ${IMAGE_NAME}:${{ github.sha }} --build-arg GH_PAT=${{ secrets.GITHUB_TOKEN}} .
    
    - name: Run Trivy vulnerability scanner
      uses: aquasecurity/trivy-action@master
      with:
        image-ref: ${{ env.IMAGE_NAME }}:${{ github.sha }}
        format: 'sarif'
        output: 'trivy-results.sarif'
        exit-code: '1'
        ignore-unfixed: false
        vuln-type: 'os,library'
        security-checks: 'vuln'
        severity: 'CRITICAL'

    - name: Upload Trivy scan results to GitHub Security tab
      uses: github/codeql-action/upload-sarif@v2
      if: always()
      with:
        sarif_file: 'trivy-results.sarif'
        category: Trivy