Merge pull request #453 from catenax-ng/feature/420-add-contractagree… #490

	# Depending on the location of your Docker container
	# you need to change the path to the specific Docker registry.
	#
	name: "Trivy vulnerability scanner for image"

	on:
	workflow_dispatch: # Trigger manually
	pull_request:
	paths-ignore:
	- '*/.md'
	- '*/.txt'
	- 'charts/**'
	- 'docs/**'
	- 'local/**'
	- 'CHANGELOG.md'
	push:
	branches:
	- main
	tags:
	- '**'
	schedule:
	- cron: '0 0 * * *' # Once a day

	jobs:
	analyze-irs-api:
	runs-on: ubuntu-latest
	permissions:
	actions: read
	contents: read
	security-events: write
	services:
	registry:
	image: registry:2
	ports:
	- 5000:5000

	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	- name: Build image
	uses: docker/build-push-action@v5
	with:
	context: .
	push: true
	tags: localhost:5000/irs-api:testing

	# It's also possible to scan your private registry with Trivy's built-in image scan.
	# All you have to do is set ENV vars.
	# Docker Hub needs TRIVY_USERNAME and TRIVY_PASSWORD.
	# You don't need to set ENV vars when downloading from a public repository.
	# For public images, no ENV vars must be set.
	- name: Run Trivy vulnerability scanner
	if: always()
	uses: aquasecurity/trivy-action@master
	with:
	# Path to Docker image
	image-ref: "localhost:5000/irs-api:testing"
	format: "sarif"
	output: "trivy-results2.sarif"
	exit-code: "1"
	severity: "CRITICAL,HIGH"
	trivyignores: .config/.trivyignore

	- name: Upload Trivy scan results to GitHub Security tab
	if: always()
	uses: github/codeql-action/upload-sarif@v2
	with:
	sarif_file: "trivy-results2.sarif"
	ref: ${{ github.event.inputs.ref }}
	sha: ${{ github.event.inputs.sha }}

Provide feedback