Scrape your manifests for container images, scan those images with Trivy for vulnerabilities, and create GitHub issues from the findings.
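# .github/workflows/trivy-cve-github-issue.yaml
#
# Scheduled workflow: logs in to a private registry, checks out the
# repository and runs trivy-cve-github-issue-action with the workflow token.
on:
  schedule:
    # Every day at 03:30 UTC (GitHub evaluates schedule crons in UTC).
    - cron: "30 3 * * *"

# Scope GITHUB_TOKEN explicitly instead of inheriting the repository default.
# NOTE(review): assumed to be sufficient (checkout reads contents, the action
# files issues); widen only if a run reports a permission error.
permissions:
  contents: read
  issues: write

jobs:
  scan:
    name: Scan
    # NOTE(review): confirm this runner label is still offered by GitHub.
    runs-on: ubuntu-20.04
    steps:
      - uses: docker/login-action@v2
        with:
          registry: private.registry.com
          username: me
          # Never commit the registry password to the workflow file; read it
          # from an encrypted secret. REGISTRY_PASSWORD is an example name,
          # create it under the repository's Actions secrets.
          password: ${{ secrets.REGISTRY_PASSWORD }}
      - uses: actions/checkout@v3
      # `@main` is a mutable ref: whatever is pushed to that branch runs here
      # with this job's token, after the registry login above. Once a revision
      # has been reviewed, pin it by full commit SHA, e.g.
      #   airfocusio/trivy-cve-github-issue-action@<FULL_COMMIT_SHA>
      # The `v2`/`v3` tags on the steps above are movable as well.
      - uses: airfocusio/trivy-cve-github-issue-action@main
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}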