From e76e34bd92593ddb2ed17f6a4cfbeb5c950d5f08 Mon Sep 17 00:00:00 2001
From: "filip.mihajlovski"
Date: Mon, 15 Jan 2024 13:24:05 +0100
Subject: [PATCH] added docker scan mode
---
.github/workflows/trivy_scan.yml | 27 ++++++++++++++++++++++++++-
1 file changed, 26 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/trivy_scan.yml b/.github/workflows/trivy_scan.yml
index af3a83c..137f92e 100644
--- a/.github/workflows/trivy_scan.yml
+++ b/.github/workflows/trivy_scan.yml
@@ -9,7 +9,7 @@ on:
- cron: '28 3 * * 5'
jobs:
- build:
+ repo_scan:
name: repo_scan
runs-on: ubuntu-20.04
steps:
@@ -25,6 +25,31 @@ jobs:
output: 'trivy-results.sarif'
severity: 'CRITICAL'
+ - name: Upload Trivy scan results to GitHub Security tab
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: 'trivy-results.sarif'
+
+ docker_scan:
+ name: docker_scan
+ runs-on: ubuntu-20.04
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+ - name: Build an image from Dockerfile
+ run: |
+ docker build -t keitaro/ckan/2.10:${{ github.sha }} -f ./images/ckan/2.10/Dockerfile .
+ - name: Run Trivy vulnerability scanner
+ uses: aquasecurity/trivy-action@master
+ with:
+ image-ref: 'keitaro/ckan/2.10:${{ github.sha }}'
+ format: 'sarif'
+ output: 'trivy-results.sarif'
+
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
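Review bot: The two jobs now both upload `trivy-results.sarif` through `github/codeql-action/upload-sarif@v2` without a `category` input, so the second upload for the same commit is treated as the same analysis and replaces the first in the Security tab instead of appearing alongside it; give each upload step a distinct `category: 'trivy-repo'` / `category: 'trivy-image'` under its `with:`. The new docker_scan job also references `uses: aquasecurity/trivy-action@master`, a mutable branch that lets any upstream change run in this workflow with whatever permissions it holds; pin it to a release tag or commit SHA, e.g. `uses: aquasecurity/trivy-action@<pinned-tag-or-commit-sha>`. The image scan sets no `severity` or `exit-code` while the repo scan keeps `severity: 'CRITICAL'`, so the image job only reports and never fails the run, which may be intended but deserves a comment. Whether the workflow grants `security-events: write` for the upload is not visible in this hunk; the workflow-level `permissions:` block, if any, lies outside it.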