Refactor Trivy vulnerability scanning step in CI workflow to use the official action, simplifying installation and configuration.

2025-12-28 05:08:48 +01:00 · 2025-09-25 14:46:48 +03:00 · 2025-09-25 14:46:48 +03:00 · 361d4128f1
commit 361d4128f1
parent 3c3e93388e
1 changed files with 7 additions and 13 deletions
--- a/.github/workflows/e2e-testing.yml
+++ b/.github/workflows/e2e-testing.yml
@ -34,20 +34,14 @@ jobs:
          # Save the tag for later steps
          echo "WEKAN_IMAGE_TAG=$TAG" >> $GITHUB_ENV

-      - name: Install Trivy
-        run: |
-            sudo apt-get update
-            sudo apt-get install -y wget
-            wget https://github.com/aquasecurity/trivy/releases/latest/download/trivy_0.50.0_Linux-64bit.deb
-            sudo dpkg -i trivy_0.50.0_Linux-64bit.deb
-
      - name: Scan Wekan Docker image for vulnerabilities
-        env:
-            WEKAN_IMAGE_TAG: ${{ env.WEKAN_IMAGE_TAG }}
-            DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
-        run: |
-            docker pull $DOCKERHUB_USERNAME/wekan:$WEKAN_IMAGE_TAG
-            trivy image $DOCKERHUB_USERNAME/wekan:$WEKAN_IMAGE_TAG || true
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: '${{ secrets.DOCKERHUB_USERNAME }}/wekan:${{ env.WEKAN_IMAGE_TAG }}'
+          format: 'table'
+          severity: 'HIGH,CRITICAL'
+          ignore-unfixed: true
+          exit-code: 0

      - name: Create .env file
        run: |