12 changes: 6 additions & 6 deletions .github/workflows/run-ci-cd.yaml
Expand Up @@ -183,7 +183,7 @@ jobs:
uses: aquasecurity/trivy-action@6c175e9c4083a92bbca2f9724c8a5e33bc2d97a5
with:
scan-type: repo
severity: HIGH,CRITICAL
trivy-config: trivy.yaml

scan-ci-dependencies:
name: Run CI Denendencies Scan
Expand All @@ -198,7 +198,7 @@ jobs:
uses: aquasecurity/trivy-action@6c175e9c4083a92bbca2f9724c8a5e33bc2d97a5
with:
scan-type: fs
severity: HIGH,CRITICAL
trivy-config: trivy.yaml

build-staging-images:
name: Build Staging Images
Expand Down Expand Up @@ -271,14 +271,14 @@ jobs:
with:
exit-code: 1
image-ref: ${{ env.DOCKERHUB_USERNAME }}/owasp-nest-backend:staging
severity: HIGH,CRITICAL
trivy-config: trivy.yaml

- name: Scan frontend image
uses: aquasecurity/trivy-action@6c175e9c4083a92bbca2f9724c8a5e33bc2d97a5
with:
exit-code: 1
image-ref: ${{ env.DOCKERHUB_USERNAME }}/owasp-nest-frontend:staging
severity: HIGH,CRITICAL
trivy-config: trivy.yaml

deploy-staging-nest:
name: Deploy Nest Staging
Expand Down Expand Up @@ -435,14 +435,14 @@ jobs:
with:
exit-code: 1
image-ref: ${{ env.DOCKERHUB_USERNAME }}/owasp-nest-backend:production
severity: HIGH,CRITICAL
trivy-config: trivy.yaml

- name: Scan frontend image
uses: aquasecurity/trivy-action@6c175e9c4083a92bbca2f9724c8a5e33bc2d97a5
with:
exit-code: 1
image-ref: ${{ env.DOCKERHUB_USERNAME }}/owasp-nest-frontend:production
severity: HIGH,CRITICAL
trivy-config: trivy.yaml

deploy-production-nest:
name: Deploy Nest to Production
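Review bot: Replacing `severity: HIGH,CRITICAL` with `trivy-config: trivy.yaml` on the six changed lines makes the effective severity filter, ignore list and enabled scanners depend on how Trivy parses the new config file, and Trivy does not fail on config keys it does not recognise, so a misplaced key silently widens or narrows the scan instead of erroring. Worth confirming in the job log of each of the six steps that the reported severities and the `.trivyignore` suppressions match what was intended before the config was shared. One shared config and ignore file now govern the repo scan, the CI dependency scan and the four image scans alike, so any CVE listed in `.trivyignore` is hidden wherever it appears, not only in the target it was triaged for. The repo and fs scan steps show no `exit-code` inside the hunk, unlike the image scans' `exit-code: 1`; if it is not set elsewhere in those steps they report findings without failing the job. The enclosing steps start outside the hunk, and the job name `Run CI Denendencies Scan` on the context line is a typo unrelated to this change.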
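--- a/.trivyignore
+++ b/.trivyignore
@@ -0,0 +1,7 @@
+CVE-2024-55549 # libxslt use-after-free
+CVE-2024-56171 # libxml2 use-after-free
+CVE-2024-8176 # libexpat stack overflow
+CVE-2025-24855 # libxslt use-after-free
+CVE-2025-24928 # libxml2 buffer overflow
+CVE-2025-27113 # libxml2 null dereference
+CVE-2025-31115 # xz heap use-after-free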
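Review bot: None of the seven suppressions carries an expiry or a justification beyond the bug class, so they hide these findings indefinitely across every scan target that uses this config (repo, fs and both images), including if the same package later shows up as a direct project dependency. Trivy's `.trivyignore` accepts an expiry field, so each line can be made self-revoking, e.g. `CVE-2024-55549 exp:<YYYY-MM-DD>  # libxslt use-after-free; <where it was found and why it is accepted>` with the date and reason filled in. The affected components are parsers (libxml2, libxslt, expat, xz) that commonly handle externally supplied input, so each entry deserves a note on whether the vulnerable code path is reachable in these images. `trivy.yaml` in this PR also sets `ignore-unfixed: true`; if these seven have no fixed package available they are hidden already and the entries are redundant, and if a fix exists the entries suppress fixable vulnerabilities — either way the reason belongs in the file.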
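--- a/trivy.yaml
+++ b/trivy.yaml
@@ -0,0 +1,17 @@
+filesystem:
+skip-dirs:
+- backend/.venv/
+- frontend/node_modules/
+
+timeout: 10m
+
+vulnerability:
+ignore-unfixed: true
+ignorefile: .trivyignore
+security-checks:
+- config
+- secret
+- vuln
+severity:
+- CRITICAL
+- HIGH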
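Review bot: Indentation is not preserved in this view, so I cannot tell which keys sit under `filesystem:` and `vulnerability:`, but the placement matters because Trivy silently ignores config keys it does not recognise: in the trivy.yaml reference I know, `severity`, `ignorefile` and `timeout` are top-level, `ignore-unfixed` lives under `vulnerability:`, and `skip-dirs` is top-level in older releases or under `scan:` in newer ones, with no `filesystem:` section. If `severity` or `ignorefile` is nested under `vulnerability:` here, the severity filter the workflow previously set explicitly would be dropped and `.trivyignore` would not be applied, with no error to show it. `security-checks` is the pre-rename spelling of `scanners` (under `scan:` in current releases); it may still be honoured by the Trivy version bundled in the pinned action, but that should be confirmed. A layout matching the current reference is below — verify it against the config reference for the pinned version before adopting.

```yaml
scan:
  skip-dirs:
    - backend/.venv/
    - frontend/node_modules/
  scanners:
    - vuln
    - secret
    - config

severity:
  - CRITICAL
  - HIGH

ignorefile: .trivyignore
timeout: 10m

vulnerability:
  ignore-unfixed: true
```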