scheduled-scan #814

	name: scheduled-scan
	on:
	schedule:
	- cron: "0 5 * * *"
	workflow_dispatch: {}

	jobs:
	scan:
	runs-on: ubuntu-22.04
	steps:
	- name: Checkout code
	uses: actions/checkout@v4
	- name: Run Trivy filesystem vulnerability scanner
	id: scan
	uses: aquasecurity/trivy-action@0.20.0
	with:
	scan-type: 'fs'
	format: 'sarif'
	output: 'trivy-filesystem-results.sarif'
	exit-code: '1'
	ignore-unfixed: true
	severity: 'CRITICAL,HIGH'
	- name: Upload Trivy filesystem scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@v3
	if: always()
	with:
	sarif_file: 'trivy-filesystem-results.sarif'

	scan-image:
	runs-on: ubuntu-22.04
	steps:
	- name: Checkout code
	uses: actions/checkout@v4
	- name: Build image
	run: make docker-image DOCKER_IMAGE=ekco:nightly
	- name: Run Trivy image vulnerability scanner
	uses: aquasecurity/trivy-action@0.20.0
	with:
	image-ref: 'ekco:nightly'
	format: 'sarif'
	exit-code: '1'
	ignore-unfixed: true
	severity: 'CRITICAL,HIGH'
	output: 'trivy-image-results.sarif'
	- name: Upload Trivy image scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@v3
	if: always()
	with:
	sarif_file: 'trivy-image-results.sarif'

Provide feedback