From b040172fe2e8e034e84634a55ac65aa4ec83fbc4 Mon Sep 17 00:00:00 2001
From: rjshrjndrn
Date: Mon, 14 Nov 2022 12:01:40 +0100
Subject: [PATCH] ci(actions): Integrate trivy scanner
---
 .github/workflows/workers.yaml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/workers.yaml b/.github/workflows/workers.yaml
index 155b183ed..ccc49be17 100644
--- a/.github/workflows/workers.yaml
+++ b/.github/workflows/workers.yaml
@@ -89,6 +89,9 @@ jobs:
 for image in $(cat /tmp/images_to_build.txt);
 do
 echo "Bulding $image"
+ PUSH_IMAGE=0 bash -x ./build.sh skip $image
+ curl -L https://github.com/aquasecurity/trivy/releases/download/v0.34.0/trivy_0.34.0_Linux-64bit.tar.gz | tar -xzf - -C ./
+ ./trivy image --exit-code 1 --vuln-type os,library --severity "HIGH,CRITICAL" --ignore-unfixed $DOCKER_REPO/$image:$IMAGE_TAG
 PUSH_IMAGE=1 bash -x ./build.sh skip $image
 echo "::set-output name=image::$DOCKER_REPO/$image:$IMAGE_TAG"
 done