
fix install trivy

fix install trivy #2

Workflow file for this run

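# Scans four published katalonstudio/katalon image tags with Trivy and
# re-imports each JSON report into DefectDojo through the dd-import CLI.
name: KRE Fat Docker Image to DockerHub
on:
  # NOTE(review): this also runs on every pull request. GitHub does not pass
  # repository secrets to runs triggered from forks, so the upload steps would
  # presumably fail there. Confirm that PR runs are intended.
  pull_request: {}
  push:
    paths:
      - ".github/workflows/*"
  # schedule:
  #   - cron: '20 17 * * *'

# No step in this workflow uses GITHUB_TOKEN, so grant it no scopes.
permissions: {}

jobs:
  Scan:
    name: Docker Scan
    runs-on: ubuntu-latest
    env:
      DD_URL: https://katalon-vulma.katalon.com
      # The API key is defined at job level, so every step sees it, including
      # the step that installs third-party packages.
      DD_API_KEY: ${{ secrets.DD_TOKEN }}
      DD_PRODUCT_TYPE_NAME: Katalon Studio
      # NOTE(review): "0" turns off TLS certificate verification in dd-import,
      # so DD_API_KEY and the findings go to an unauthenticated endpoint.
      # Prefer a trusted certificate on DD_URL and remove this override.
      DD_SSL_VERIFY: "0"
    steps:
      - name: install tool
        run: |
          # pipefail: a failed key download must fail the step instead of
          # leaving an empty keyring behind the exit status of tee.
          set -eo pipefail
          # -y keeps apt non-interactive on the runner.
          sudo apt-get install -y wget gnupg
          wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | sudo tee /usr/share/keyrings/trivy.gpg > /dev/null
          echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb generic main" | sudo tee -a /etc/apt/sources.list.d/trivy.list
          sudo apt-get update
          sudo apt-get install -y trivy
          # NOTE(review): dd-import is installed unpinned and later runs with
          # DD_API_KEY in its environment. Pin a reviewed version (ideally
          # with hashes) so a new upstream release cannot run here unreviewed.
          pip3 install dd-import
      - name: scan image
        run: |
          set -e
          # One JSON report per image tag. The DD_FILE_NAME values in the
          # upload steps below must match these output names.
          trivy image --format json -o trivy_10_latest.json katalonstudio/katalon:10-latest
          trivy image --format json -o trivy_10_latest_slim.json katalonstudio/katalon:10-latest-slim
          trivy image --format json -o trivy_9_latest.json katalonstudio/katalon:9-latest
          trivy image --format json -o trivy_9_latest_slim.json katalonstudio/katalon:9-latest-slim
      # The four upload steps differ only in DD_PRODUCT_NAME and DD_FILE_NAME.
      - name: Upload 10-latest to DefectDojo
        env:
          DD_ENGAGEMENT_NAME: Container Scan
          DD_PRODUCT_NAME: KRE-10-latest
          DD_TEST_NAME: Trivy
          DD_TEST_TYPE_NAME: Trivy Scan
          DD_FILE_NAME: trivy_10_latest.json
          DD_SERVICE: dd-import
        run: |
          dd-reimport-findings
      - name: Upload 10-latest-slim to DefectDojo
        env:
          DD_ENGAGEMENT_NAME: Container Scan
          DD_PRODUCT_NAME: KRE-10-latest-slim
          DD_TEST_NAME: Trivy
          DD_TEST_TYPE_NAME: Trivy Scan
          DD_FILE_NAME: trivy_10_latest_slim.json
          DD_SERVICE: dd-import
        run: |
          dd-reimport-findings
      - name: Upload 9-latest to DefectDojo
        env:
          DD_ENGAGEMENT_NAME: Container Scan
          DD_PRODUCT_NAME: KRE-9-latest
          DD_TEST_NAME: Trivy
          DD_TEST_TYPE_NAME: Trivy Scan
          DD_FILE_NAME: trivy_9_latest.json
          DD_SERVICE: dd-import
        run: |
          dd-reimport-findings
      - name: Upload 9-latest-slim to DefectDojo
        env:
          DD_ENGAGEMENT_NAME: Container Scan
          DD_PRODUCT_NAME: KRE-9-latest-slim
          DD_TEST_NAME: Trivy
          DD_TEST_TYPE_NAME: Trivy Scan
          DD_FILE_NAME: trivy_9_latest_slim.json
          DD_SERVICE: dd-import
        run: |
          dd-reimport-findings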