Merge pull request #87 from atlanhq/trivy

GRC-82 : Better trivy logs

.github/workflows/trivy.yml

@@ -7,12 +7,14 @@ name: trivy
 
 on:
   push:
-    branches: [ "master" ]
+    branches:
+      - master
   pull_request:
     # The branches below must be a subset of the branches above
-    branches: [ "master" ]
+    branches:
+      - master
   schedule:
-    - cron: '27 9 * * 6'
+    - cron: '35 21 * * 4'
 
 permissions:
   contents: read
@@ -24,25 +26,30 @@ jobs:
       security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
       actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
     name: Build
-    runs-on: "ubuntu-20.04"
+    runs-on: "ubuntu-24.04"
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
 
       - name: Build an image from Dockerfile
         run: |
-          docker build -t docker.io/my-organization/my-app:${{ github.sha }} .
+          docker build -t docker.io/atlanhq/argopm:${{ github.sha }} .
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@7b7aa264d83dc58691451798b4d117d53d21edfe
+        uses: aquasecurity/trivy-action@0.24.0
         with:
-          image-ref: 'docker.io/my-organization/my-app:${{ github.sha }}'
-          format: 'template'
-          template: '@/contrib/sarif.tpl'
+          image-ref: 'docker.io/atlanhq/argopm:${{ github.sha }}'
+          format: 'table'
+
+      - name: Generate trivy results for GitHub Security tab
+        uses: aquasecurity/[email protected]
+        with:
+          image-ref: 'docker.io/atlanhq/argopm:${{ github.sha }}'
+          format: 'sarif'
           output: 'trivy-results.sarif'
           severity: 'CRITICAL,HIGH'
 
       - name: Upload Trivy scan results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@v3
         with:
-          sarif_file: 'trivy-results.sarif'
+          sarif_file: 'trivy-results.sarif'