|
|
@@ -54,7 +54,7 @@ jobs:
|
|
|
bandit -r backend/ -f sarif -o bandit-results.sarif --severity-level medium || true
|
|
|
|
|
|
- name: Upload Bandit results to GitHub Security
|
|
|
- uses: github/codeql-action/upload-sarif@v3
|
|
|
+ uses: github/codeql-action/upload-sarif@v4
|
|
|
if: always()
|
|
|
with:
|
|
|
sarif_file: bandit-results.sarif
|
|
|
@@ -73,7 +73,7 @@ jobs:
|
|
|
run: docker build -t bambuddy:security-scan .
|
|
|
|
|
|
- name: Run Trivy vulnerability scanner
|
|
|
- uses: aquasecurity/trivy-action@master
|
|
|
+ uses: aquasecurity/trivy-action@v0.33.1
|
|
|
with:
|
|
|
image-ref: 'bambuddy:security-scan'
|
|
|
format: 'sarif'
|
|
|
@@ -81,14 +81,14 @@ jobs:
|
|
|
severity: 'CRITICAL,HIGH,MEDIUM'
|
|
|
|
|
|
- name: Upload Trivy results to GitHub Security
|
|
|
- uses: github/codeql-action/upload-sarif@v3
|
|
|
+ uses: github/codeql-action/upload-sarif@v4
|
|
|
if: always()
|
|
|
with:
|
|
|
sarif_file: trivy-results.sarif
|
|
|
category: trivy
|
|
|
|
|
|
- name: Run Trivy for Dockerfile/IaC
|
|
|
- uses: aquasecurity/trivy-action@master
|
|
|
+ uses: aquasecurity/trivy-action@v0.33.1
|
|
|
with:
|
|
|
scan-type: 'config'
|
|
|
scan-ref: '.'
|
|
|
@@ -97,7 +97,7 @@ jobs:
|
|
|
severity: 'CRITICAL,HIGH,MEDIUM'
|
|
|
|
|
|
- name: Upload Trivy config results
|
|
|
- uses: github/codeql-action/upload-sarif@v3
|
|
|
+ uses: github/codeql-action/upload-sarif@v4
|
|
|
if: always()
|
|
|
with:
|
|
|
sarif_file: trivy-config-results.sarif
|
maziggy