Beanz/searxng
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

refactor security.yml

Browse Source
This commit is contained in:
Ivan Gabaldon 2025-05-04 22:46:31 +02:00
parent 8f5296e8c7
commit 0969926add
No known key found for this signature in database
GPG Key ID: 075587C93FA67582
1 changed files with 22 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
.github/workflows/security.yml vendored
View File

@ -1,4 +1,5 @@
name: Security checks ---
name: Security
# yamllint disable-line rule:truthy # yamllint disable-line rule:truthy
on: on:
@ -6,25 +7,30 @@ on:
schedule: schedule:
- cron: "42 05 * * *" - cron: "42 05 * * *"
permissions:
contents: read
jobs: jobs:
dockers: container:
name: Trivy ${{ matrix.image }} name: Container
runs-on: ubuntu-24.04 runs-on: ubuntu-24.04-arm
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with: with:
image-ref: 'searxng/searxng:latest' persist-credentials: "false"
ignore-unfixed: false
vuln-type: 'os,library'
severity: 'UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL'
format: 'sarif'
output: 'trivy-results.sarif'
- name: Upload Trivy scan results to GitHub Security tab - name: Run Trivy scanner
uses: github/codeql-action/upload-sarif@v2 uses: aquasecurity/trivy-action@0.30.0
with: with:
sarif_file: 'trivy-results.sarif' image-ref: "docker.io/searxng/searxng:latest"
vuln-type: "os,library"
severity: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"
ignore-unfixed: "false"
format: "sarif"
output: "./trivy-results.sarif"
- name: Upload SARIFs
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: "./trivy-results.sarif"