fix(trivy.yml): specify Dockerfile path in docker build command to en…

…sure correct file is used for building the image feat(trivy.yml): add support for building and scanning an additional Alpine-based image feat(trivy.yml): upload Trivy scan results for the Alpine-based image to GitHub Security tab feat(trivy.yml): generate security report using the rsdmike/github-security-report-action
liquibase · Dec 1, 2023 · 619cf5c · 619cf5c
1 parent 015957e
commit 619cf5c
Showing 1 changed file with 17 additions and 1 deletion.
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -31,7 +31,7 @@ jobs:
 
       - name: Build an image from Dockerfile
         run: |
-          docker build -t liquibase/liquibase:${{ github.sha }} .
+          docker build -f Dockerfile -t liquibase/liquibase:${{ github.sha }} .
 
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@b77b85c0254bba6789e787844f0585cde1e56320
@@ -40,11 +40,27 @@ jobs:
           format: 'sarif'
           output: 'trivy-results.sarif'
 
+      - name: Build an image from Dockerfile (alpine)
+        run: |
+          docker build -f Dockerfile.alpine -t liquibase/liquibase-alpine:${{ github.sha }} .
+
+      - name: Run Trivy vulnerability scanner (alpine)
+        uses: aquasecurity/trivy-action@b77b85c0254bba6789e787844f0585cde1e56320
+        with:
+          image-ref: 'liquibase/liquibase-alpine:${{ github.sha }}'
+          format: 'sarif'
+          output: 'trivy-results-alpine.sarif'
+
       - name: Upload Trivy scan results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@v2
         with:
           sarif_file: 'trivy-results.sarif'
 
+      - name: Upload Trivy scan results to GitHub Security tab (alpine)
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: 'trivy-results-alpine.sarif'
+
       - name: Generate Security Report
         uses: rsdmike/[email protected]
         with: