diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index a9eec6447fd..fb93a369cf9 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -1,8 +1,20 @@
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+# Copyright (C) 2024 Intel Corporation.
+
 name: Trivy scan
 on:
- pull_request:
+ workflow_dispatch:
+ schedule:
+ - cron: '45 8 * * *'
+ push:
 branches: ["master", "release/**"]
+ pull_request:
+ paths:
+ - '**/go.mod'
+ - '**/pom.xml'
+ - '**/requirements.txt'
+ - '**/*trivy*'
 # Declare default permissions as nothing.
 permissions: {}
@@ -11,6 +23,8 @@ jobs:
 build:
 name: Build
 runs-on: ubuntu-20.04
+ permissions:
+ security-events: write
 steps:
 - name: Checkout code
 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
diff --git a/README.md b/README.md
index 0bd1915919e..35fd647b185 100644
--- a/README.md
+++ b/README.md
@@ -5,6 +5,7 @@
 [![Build](https://github.com/daos-stack/daos/actions/workflows/ci2.yml/badge.svg)](https://github.com/daos-stack/daos/actions/workflows/ci2.yml)
 [![Codespell](https://github.com/daos-stack/daos/actions/workflows/spelling.yml/badge.svg)](https://github.com/daos-stack/daos/actions/workflows/spelling.yml)
 [![Doxygen](https://github.com/daos-stack/daos/actions/workflows/doxygen.yml/badge.svg)](https://github.com/daos-stack/daos/actions/workflows/doxygen.yml)
+[![Trivy scan](https://github.com/daos-stack/daos/actions/workflows/trivy.yml/badge.svg)](https://github.com/daos-stack/daos/actions/workflows/trivy.yml)
diff --git a/utils/trivy/trivy.yaml b/utils/trivy/trivy.yaml
index 293f7b1ba9f..2d3119efd37 100644
--- a/utils/trivy/trivy.yaml
+++ b/utils/trivy/trivy.yaml
@@ -1,6 +1,5 @@
 cache:
- backend: fs
- clear: false
+ backend: memory
 dir:
 redis:
 ca: ""
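Review bot: The nightly `schedule` trigger in the `on:` block runs only against the default branch, so `release/**` branches are rescanned only on a `push`; an advisory published after the last push to a release branch would not be reported for it. If release branches are meant to stay covered, the job has to check out each maintained ref itself (the steps are outside this diff), or the gap should be recorded in a comment such as `# schedule scans the default branch only; release/** is scanned on push`. The new `pull_request` `paths` filter also skips the scan for PRs that change only other dependency inputs (for example a `go.sum` or another lockfile), so it is worth confirming that the list matches everything the Trivy configuration scans.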
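Review bot: The job-level `permissions` block under `build` grants only `security-events: write`, so with the top-level `permissions: {}` every other scope, including `contents`, is `none` for this job. Checkout of a public repository still works that way, but adding `contents: read` next to it keeps the job working on a private mirror and makes the grant explicit. On `pull_request` runs from forks the token is read-only regardless, so a step that uploads results to code scanning (not visible in this hunk, the step list continues past it) would presumably fail there and may need an `if:` guard. A short comment such as `# required to upload scan results to code scanning` would also record why write access is needed.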
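Review bot: `backend: memory` under `cache:` is accepted only by Trivy releases that ship the in-memory cache backend, and the Trivy version the workflow installs is not visible in this diff, so the two should be confirmed to match; an older binary would presumably reject the value. The reason for the switch is not stated either, so a comment such as `# scan cache is kept in memory only; nothing is reused between runs` above the key would tell the next maintainer that this is deliberate.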