28 lines
711 B
YAML
28 lines
711 B
YAML
name: Vulnerability Scan
|
|
|
|
on:
|
|
# enable running the workflow manually
|
|
workflow_dispatch:
|
|
schedule:
|
|
# run every night at 4:00 AM (UTC)
|
|
- cron: '0 4 * * *'
|
|
|
|
permissions:
|
|
contents: read
|
|
security-events: write
|
|
|
|
jobs:
|
|
trivy-scan:
|
|
# only on original eclipse-hawkbit/hawkbit repo or when manually triggered
|
|
if: github.repository == 'eclipse-hawkbit/hawkbit' || github.event_name == 'workflow_dispatch'
|
|
strategy:
|
|
matrix:
|
|
branch: [master, "1.0"]
|
|
uses: ./.github/workflows/reusable_workflow_trivy-scan.yaml
|
|
permissions:
|
|
contents: read
|
|
security-events: write
|
|
# Enable Upload for both branches
|
|
with:
|
|
ref: ${{ matrix.branch }}
|
|
upload: true |