4.3.2 Integrating Trivy with GHA
Let's integrate Trivy into GitHub Actions using a custom workflow, trivy.yaml, by running the commands below:
cd ~/playground/
git checkout main
git pull
cp -r ~/s4cpcode/chapter4/4D/. ~/playground/
git status
git add .
git commit -m "Integrating Trivy with GHA"
git push
Triggering Trivy
- Now that the GitHub Actions workflow is added, let's trigger it using the commands below, which update the necessary code to trigger Trivy and also create a new branch called trivy:
cd ~/playground/
cp -r ~/s4cpcode/chapter4/4DD/. ~/playground/
git checkout -b trivy
git status
git add .
git commit -m "checking out trivy"
git push --set-upstream origin trivy
Create PR
Let's create a PR from the newly created trivy branch to the main branch.
View PR
- Screenshot: Trivy GHA started
- Screenshot: Trivy score
Merge the PR
- Let's now merge the PR in order to view the complete Trivy report, which is shared as a workflow artifact.
View Trivy Artifact
Once the Trivy and Docker GitHub Actions workflows have completed, we can view the artifact uploaded by the Trivy workflow, which contains the details of the vulnerabilities found.
- Screenshot: Open Trivy workflow
- Screenshot: Trivy report
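As an added illustration of what such a workflow looks like (this is not the course's trivy.yaml from s4cpcode, and it assumes a Dockerfile at the repository root and a hypothetical image tag playground:<sha>), the following GitHub Actions workflow builds the image, prints a CRITICAL/HIGH summary in the job log for the PR checks view, fails the job on unfixed CRITICAL findings, and uploads the full JSON report as an artifact:

```yaml
name: Trivy image scan

on:
  pull_request:
    branches: [main]
  push:
    branches: [main]

permissions:
  contents: read

jobs:
  trivy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Assumption: a Dockerfile in the repo root. Build locally so the scan
      # covers exactly the image the Docker CI workflow would ship.
      - name: Build image
        run: docker build -t playground:${{ github.sha }} .

      # Human-readable table in the job log: this is the "score" you read on
      # the PR checks page. exit-code 0 so the summary never blocks by itself.
      - name: Trivy summary (table)
        uses: aquasecurity/trivy-action@0.28.0   # pin to a release you have verified
        with:
          image-ref: playground:${{ github.sha }}
          format: table
          severity: CRITICAL,HIGH
          exit-code: '0'

      # Machine-readable report for the artifact. Fail the job only on CRITICAL
      # findings that already have a fix, so unfixable CVEs do not block merges.
      - name: Trivy full report (JSON)
        uses: aquasecurity/trivy-action@0.28.0
        with:
          image-ref: playground:${{ github.sha }}
          format: json
          output: trivy-report.json
          severity: CRITICAL
          ignore-unfixed: true
          exit-code: '1'

      # if: always() uploads the report even when the scan step failed the job,
      # so the evidence is available precisely when you need to look at it.
      - name: Upload Trivy report
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: trivy-report
          path: trivy-report.json
```

The artifact appears under the workflow run's Artifacts section once the job finishes, which is the report referenced in the steps above.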
Make note of Docker Image
Once the Docker GitHub Actions workflow is complete, make a note of the Docker image name in the output and paste it into the Docker CI section of notes.md, as shown below:
- Open the GitHub Action for Docker that runs after the merge, as shown below
- Copy the Docker image name as shown below and paste it into notes.md.
Screenshot: Docker image name in the workflow output
Make a note of the above Docker image name, as we'll need it to run the image on the Kubernetes infrastructure in the next chapter.
End of Chapter 4
That completes Chapter 4. Before you move on to Chapter 5:
- Ensure your Docker CI GitHub Actions workflow is set up and running.
- Ensure you have understood what a Golden Docker Image is, have it set up, and have made a note of the Docker image name.
- Ensure you have integrated Trivy into your GHA.