Update to use trivy action. (#124)

oracle · Nov 21, 2024 · 07c8c9c · 07c8c9c
1 parent a4bd998
commit 07c8c9c
Showing 1 changed file with 8 additions and 9 deletions.
diff --git a/.github/workflows/build-trivy.yaml b/.github/workflows/build-trivy.yaml
@@ -1,4 +1,4 @@
-# Copyright 2023 Oracle Corporation and/or its affiliates.
+# Copyright 2023, 2024, Oracle Corporation and/or its affiliates.
 # Licensed under the Universal Permissive License v 1.0 as shown at
 # https://oss.oracle.com/licenses/upl.
 
@@ -13,14 +13,13 @@ on:
 jobs:
   trivy-scan:
     runs-on: ubuntu-latest
-    container:
-      image: ghcr.io/aquasecurity/trivy:latest
-      volumes:
-        - /var/run/docker.sock:/var/run/docker.sock
-        - /home/runner/work/coherence-helidon-sockshop-sample/coherence-helidon-sockshop-sample:/repo
 
     steps:
-      - uses: actions/checkout@v4
+      - name: Checkout code
+        uses: actions/checkout@v4
 
-      - name: Trivy Scan
-        run: trivy fs --exit-code 1 /repo
+      - name: Run Trivy vulnerability scanner to scan repo
+        uses: aquasecurity/trivy-action@0.29.0
+        with:
+          scan-type: 'fs'
+          exit-code: 1