yaml
10 lines · 1 tab
Kai Nakamura
Apr 2026
1 tab
- name: Build image
run: docker build -t app:${{ github.sha }} .
- name: Scan image
uses: aquasecurity/trivy-action@0.24.0
with:
image-ref: app:${{ github.sha }}
severity: HIGH,CRITICAL
exit-code: '1'
ignore-unfixed: true
1 file · yaml
Explain with highlit
I scan container images before they ever reach a registry promotion step. Trivy gives quick visibility into OS packages, language dependencies, and misconfiguration issues in IaC. The important part is failing only on risk that the team is prepared to fix, otherwise the scan turns into wallpaper.
Share this code
Here's the card — post it anywhere.