Skip to content

chore(deps): update github-actions #16

chore(deps): update github-actions

chore(deps): update github-actions #16

name: Secrets Scan with Trivy
on:
pull_request:
permissions:
contents: read
pull-requests: write
jobs:
scan:
runs-on: ubuntu-latest
if: ${{ !contains(github.actor, '[bot]') }} # [bot]を含む場合は除外する
steps:
- name: Checkout
uses: actions/checkout@v4.1.1
with:
ref: ${{ github.head_ref }}
- name: Run Aqua Security Trivy
uses: aquasecurity/trivy-action@0.15.0
with:
scan-type: fs
scan-ref: . # default
severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL # default
scanners: secret
output: trivy.txt
exit-code: 1
- name: Post PR comments
if: failure()
env:
GITHUB_TOKEN: ${{ github.token }}
URL: ${{ github.event.pull_request.html_url }}
run: |
sed -i -e '1i ```' -e '$a ```\nこのactionについては [Notion](https://www.notion.so/globisorg/GitHub-dcb884f8df2646df8d8e686bd6290d46) を参照。' trivy.txt
gh pr comment -F ./trivy.txt "${URL}"