blackteay/gin
3
0
Fork 0
mirror of https://github.com/gin-gonic/gin.git synced 2025-10-12 11:02:13 +08:00
Code Issues Projects Releases Wiki Activity

ci: integrate Trivy vulnerability scanning into CI workflow (#4359)

Browse Source 
- Add a GitHub Actions job for vulnerability scanning using Trivy
- Configure Trivy to scan the repository for vulnerabilities of severity critical, high, and medium
- Ensure the workflow fails if vulnerabilities are found

Signed-off-by: appleboy <appleboy.tw@gmail.com>
This commit is contained in:
Bo-Yi Wu 2025-09-20 19:24:57 +08:00 committed by GitHub
parent 2119046230
commit cb000f570c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
.github/workflows/gin.yml vendored
View File

@ -81,3 +81,19 @@ jobs:
uses: codecov/codecov-action@v4 uses: codecov/codecov-action@v4
with: with:
flags: ${{ matrix.os }},go-${{ matrix.go }},${{ matrix.test-tags }} flags: ${{ matrix.os }},go-${{ matrix.go }},${{ matrix.test-tags }}
vulnerability-scanning:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
fetch-depth: 0
- name: Run Trivy vulnerability scanner in repo mode
uses: aquasecurity/trivy-action@0.33.1
with:
scan-type: 'fs'
ignore-unfixed: true
format: 'table'
exit-code: '1'
severity: 'CRITICAL,HIGH,MEDIUM'