Set up your GitHub Actions workflow with a specific version of Trivy
# ...
steps:
- name: Install Trivy
uses: aquasecurity/[email protected]
# ...
steps:
- name: Install Trivy
uses: aquasecurity/[email protected]
with:
version: v0.56.2
setup-trivy
uses actions/cache
under the hood but requires less configuration settings.
This caches the trivy binary so that next time you run, instead of downloading the binary it is loaded from the cache. This is not the same cache as other Trivy artifacts such as trivy-db
and trivy-java-db
.
The cache input is optional, and caching is turned off by default.
Caching is not supported for empty and latest
versions!
If you want to enable caching for Linux and MacOS runners, set the cache
input to true
and specify the version
.
steps:
- name: Install Trivy
uses: aquasecurity/[email protected]
with:
version: v0.56.2
cache: true
action/cache
doesn't support absolute path
for Windows runners (see here for more details).
To enable caching for Windows runner or if you need to change the Trivy installation directory for other reasons - use path
input.
setup-trivy
adds trivy-bin
directory to avoid caching unnecessary files
steps:
- name: Install Trivy
uses: aquasecurity/[email protected]
with:
version: v0.56.2
cache: true
path: "./bins"
There are cases when github.token
(default value for actions/checkout
) contains an invalid token for http://github.com
.
One of example for this when using GitHub Enterprise Server (GHES).
See more info in #10
To properly install Trivy, you need to populate token
from a secret or another step (e.g. from https://github.com/actions/create-github-app-token)
steps:
- name: Install Trivy
uses: aquasecurity/[email protected]
with:
version: v0.56.2
cache: true
token: ${{ secrets.GITHUB_PAT }}