🔒️(trivy) run trivy scan on sources (not in docker)

Inside the docker images, trivy does not detect frontend issues,
we run trivy here to have the lock files.
This does not work well for python packages.
This commit is contained in:
Quentin BEY
2025-12-05 09:48:14 +01:00
parent a1ed561204
commit 39bf8f0c2d
+19
View File
@@ -200,3 +200,22 @@ jobs:
- name: Run tests
run: ~/.local/bin/pytest -n 2
security-trivy-critical:
permissions:
contents: read
security-events: write
runs-on: ubuntu-latest
steps:
- name: Run Trivy analysis for critical vulnerabilities
# We use main branch while we might still iterate on the action
uses: numerique-gouv/action-trivy-cache/security-trivy-critical@main
security-trivy:
permissions:
contents: read
runs-on: ubuntu-latest
steps:
- name: Run Trivy analysis for vulnerabilities
# We use main branch while we might still iterate on the action
uses: numerique-gouv/action-trivy-cache/security-trivy@main