eclipse-tractusx · LuLeRoemer · Nov 30, 2022 · Nov 29, 2022 · Nov 29, 2022
diff --git a/.github/workflows/kics.yml b/.github/workflows/kics.yml
@@ -42,7 +42,7 @@ jobs:
       security-events: write
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - name: KICS scan
         uses: checkmarx/kics-github-action@master
@@ -67,6 +67,6 @@ jobs:
       # Upload findings to GitHub Advanced Security Dashboard
       - name: Upload SARIF file for GitHub Advanced Security Dashboard
         if: always()
-        uses: github/codeql-action/upload-sarif@v1
+        uses: github/codeql-action/upload-sarif@v2
         with:
-          sarif_file: kicsResults/results.sarif
+          sarif_file: kicsResults/results.sarif
diff --git a/.github/workflows/trivy-scan.yml → .github/workflows/trivy.yml b/.github/workflows/trivy-scan.yml → .github/workflows/trivy.yml
@@ -15,14 +15,42 @@
 # under the License.
 
 # SPDX-License-Identifier: Apache-2.0
-name: Trivy Scan
+name: Trivy
 
 on:
   schedule:
-    - cron: 0 2 * * 0
+    - cron: 0 0 * * *
   workflow_dispatch:
 
 jobs:
+  analyze-config:
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Run Trivy vulnerability scanner in repo mode
+        uses: aquasecurity/trivy-action@master
+        with:
+          scan-type: "config"
+          # ignore-unfixed: true
+          exit-code: "1"
+          hide-progress: false
+          format: "sarif"
+          output: "trivy-results1.sarif"
+          severity: "CRITICAL,HIGH"
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v2
+        if: always()
+        with:
+          sarif_file: "trivy-results1.sarif"
+
   analyze-semantic-hub:
     runs-on: ubuntu-latest
     permissions:
@@ -32,15 +60,18 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
+
       - uses: actions/setup-java@v3
         with:
           distribution: 'temurin'
           java-version: '11'
       - name: Build JAR
         run: mvn clean package
+
       - name: Build Image
         run: docker build -t semantic-hub ./backend
+
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@master
         with:
@@ -53,7 +84,7 @@ jobs:
           severity: "CRITICAL,HIGH"
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v1
+        uses: github/codeql-action/upload-sarif@v2
         if: always()
         with:
           sarif_file: "trivy-results-semantic-hub.sarif"