mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2026-07-09 17:25:59 -06:00
Some checks are pending
Build / Build and Test ${{ matrix.channel }} (msrv) (push) Waiting to run
Build / Build and Test ${{ matrix.channel }} (rust-toolchain) (push) Waiting to run
Check templates / Validate docker templates (push) Waiting to run
Hadolint / Validate Dockerfile syntax (push) Waiting to run
Release / Build Vaultwarden containers (amd64, alpine) (push) Waiting to run
Release / Build Vaultwarden containers (amd64, debian) (push) Waiting to run
Release / Build Vaultwarden containers (arm/v6, alpine) (push) Waiting to run
Release / Build Vaultwarden containers (arm/v6, debian) (push) Waiting to run
Release / Build Vaultwarden containers (arm/v7, alpine) (push) Waiting to run
Release / Build Vaultwarden containers (arm/v7, debian) (push) Waiting to run
Release / Build Vaultwarden containers (arm64, alpine) (push) Waiting to run
Release / Build Vaultwarden containers (arm64, debian) (push) Waiting to run
Release / Merge manifests (alpine) (push) Blocked by required conditions
Release / Merge manifests (debian) (push) Blocked by required conditions
Trivy / Trivy Scan (push) Waiting to run
Code Spell Checking / Run typos spell checking (push) Waiting to run
Security Analysis with zizmor / Run zizmor (push) Waiting to run
* Misc updates and fixes - Updated Rust to v1.96.1 - Updated all the crates - Updated GitHub Actions - Updated the web-vault to v2026.6.2 - Updated Alpine to v3.24 - Fixed several clippy lints - The `send` UUID wrappers didn't need the special namespace anymore since an updated crate, so removed this extra mod. Signed-off-by: BlackDex <black.dex@gmail.com> * Update MSRV to v1.94.1 Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
56 lines
1.6 KiB
YAML
56 lines
1.6 KiB
YAML
name: Trivy
|
|
permissions: {}
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
|
|
tags:
|
|
- '*'
|
|
|
|
pull_request:
|
|
branches:
|
|
- main
|
|
|
|
schedule:
|
|
- cron: '08 11 * * *'
|
|
|
|
jobs:
|
|
trivy-scan:
|
|
# Only run this in the upstream repo and not on forks
|
|
# When all forks run this at the same time, it is causing `Too Many Requests` issues
|
|
if: ${{ github.repository == 'dani-garcia/vaultwarden' }}
|
|
name: Trivy Scan
|
|
permissions:
|
|
security-events: write # To write the security report
|
|
runs-on: ubuntu-24.04
|
|
timeout-minutes: 30
|
|
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
|
with:
|
|
persist-credentials: false
|
|
|
|
- name: Run Trivy vulnerability scanner
|
|
uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0
|
|
env:
|
|
TRIVY_DB_REPOSITORY: docker.io/aquasec/trivy-db:2,public.ecr.aws/aquasecurity/trivy-db:2,ghcr.io/aquasecurity/trivy-db:2
|
|
TRIVY_JAVA_DB_REPOSITORY: docker.io/aquasec/trivy-java-db:1,public.ecr.aws/aquasecurity/trivy-java-db:1,ghcr.io/aquasecurity/trivy-java-db:1
|
|
with:
|
|
scan-type: repo
|
|
ignore-unfixed: true
|
|
format: sarif
|
|
output: trivy-results.sarif
|
|
severity: CRITICAL,HIGH
|
|
|
|
- name: Upload Trivy scan results to GitHub Security tab
|
|
uses: github/codeql-action/upload-sarif@99df26d4f13ea111d4ec1a7dddef6063f76b97e9 # v4.37.0
|
|
with:
|
|
sarif_file: 'trivy-results.sarif'
|