
4.3.2 Integrating Trivy with GHA

YouTube 📺

Let's integrate Trivy into GitHub Actions using a custom workflow, trivy.yaml, by running the commands below:

cd ~/playground/
git checkout main
git pull
cp -r ~/s4cpcode/chapter4/4D/. ~/playground/
git status
git add .
git commit -m "Integrating Trivy with GHA"
git push
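As an added example, not the course's own trivy.yaml (whose contents come from ~/s4cpcode/chapter4/4D), here is a workflow of the same shape: it builds the image, scans it with aquasecurity/trivy-action, uploads the full report as an artifact, and fails the PR check only on fixable CRITICAL findings. The image name, job name and Dockerfile location are assumptions.

```yaml
# Added example workflow (not the course's trivy.yaml).
# Assumptions: a Dockerfile at the repo root; image and job names are placeholders.
name: trivy

on:
  pull_request:
    branches: [main]
  push:
    branches: [main]

permissions:
  contents: read

jobs:
  trivy-scan:
    runs-on: ubuntu-latest
    steps:
      - name: Check out source
        uses: actions/checkout@v4

      # Build locally without pushing, so the scan covers the exact image the PR produces.
      - name: Build image
        run: docker build -t playground-app:${{ github.sha }} .

      # Full report written to a file for the artifact; exit-code 0 means this step never fails.
      - name: Trivy full report
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: playground-app:${{ github.sha }}
          format: table
          output: trivy-report.txt
          exit-code: '0'

      # Gating pass: fails the check only when CRITICAL findings with an available fix exist.
      - name: Trivy gate
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: playground-app:${{ github.sha }}
          severity: CRITICAL
          ignore-unfixed: true
          exit-code: '1'

      # Upload even when the gate fails, so the report can be inspected from the run page.
      - name: Upload Trivy report
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: trivy-report
          path: trivy-report.txt
```

Splitting the scan into a reporting pass and a gating pass keeps the full artifact available for triage while the PR check stays focused on what must be fixed before merge.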

⚡ Triggering Trivy

  • Now that the GitHub Actions workflow is added, let's trigger it with the commands below, which update the necessary code to trigger Trivy and also create a new branch called trivy:

cd ~/playground/
cp -r ~/s4cpcode/chapter4/4DD/. ~/playground/
git checkout -b trivy
git status
git add .
git commit -m "checking out trivy"
git push --set-upstream origin trivy

🔄 Create PR

Let's create a PR from the newly created trivy branch to the main branch.

๐Ÿ‘๏ธ View PRโ€‹

  • Trivy GHA Started

  • Trivy Score

🔀 Merge the PR

  • Let's now merge the PR in order to view the complete Trivy report, which is shared as a workflow artifact.

๐Ÿ‘๏ธ View Trivy Artifactโ€‹

Once the Trivy and Docker GitHub Actions workflows have completed, we can view the artifact uploaded by the Trivy workflow, which contains the details of the vulnerabilities found.

  • Open Trivy Workflow

  • Trivy Report

๐Ÿ“ Make note of Docker Imageโ€‹

Once the Docker GitHub Actions workflow is complete, make a note of the Docker image name in its output and paste it into the Docker CI section of notes.md, as shown below.

  • Open the GitHub Actions workflow for Docker that runs after the merge, as shown below

  • Copy the Docker image name as shown below and paste it into notes.md.

Docker Image

Make sure to note the Docker image name above, as we'll need it to run the image on the Kubernetes infrastructure in the next chapter.

End of Chapter 4

That completes Chapter 4, before you move to Chapter 5