Trivy

Trivy #1371

	# Runs linter for Docker files
	name: Trivy

	on:
	workflow_dispatch:
	schedule:
	# Runs at 22:45 UTC on Thursday.
	- cron: '45 22 * * 4'
	push:
	pull_request:

	concurrency:
	group: ${{ github.workflow }}-${{ github.head_ref \|\| github.run_id }}
	cancel-in-progress: true

	permissions:
	contents: read

	jobs:
	linux:
	name: Trivy
	runs-on: ${{ github.repository_owner == 'oneapi-src' && 'intel-ubuntu-22.04' \|\| 'ubuntu-latest' }}
	permissions:
	security-events: write

	steps:
	- name: Clone repo
	uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

	- name: Run Trivy
	uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
	with:
	scan-type: 'config'
	hide-progress: false
	format: 'sarif'
	output: 'trivy-results.sarif'
	exit-code: 1 # Fail if issue found
	# file with suppressions: .trivyignore (in root dir)

	- name: Print report and trivyignore file
	run: \|
	echo "### Trivy ignore content:"
	cat .trivyignore
	echo "### Trivy report:"
	cat trivy-results.sarif

	- name: Upload results
	uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
	with:
	sarif_file: 'trivy-results.sarif'

Provide feedback