From e3cac8f70113e12f8523bf6148c2f42853f409ea Mon Sep 17 00:00:00 2001
From: Vaibhav Bhalla
Date: Mon, 15 Sep 2025 15:32:57 +0530
Subject: [PATCH 1/2] feat(ci-cd): add trivy scan

add trivy scan instead of synk

GH-150
---
 .github/workflows/trivy.yaml | 29 +++++++++++++++++++++++++++++
 README.md | 3 ---
 trivy.yml | 16 ++++++++++++++++
 3 files changed, 45 insertions(+), 3 deletions(-)
 create mode 100644 .github/workflows/trivy.yaml
 create mode 100644 trivy.yml

diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml
new file mode 100644
index 0000000..90a1f93
--- /dev/null
+++ b/.github/workflows/trivy.yaml
@@ -0,0 +1,29 @@
+# This is a basic workflow to help you get started with Actions
+
+name: Trivy Scan
+
+# Controls when the action will run. Triggers the workflow on push or pull request
+# events but only for the master branch
+on:
+ pull_request:
+ branches: [master]
+ types: [opened, synchronize, reopened]
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+ # This workflow contains a single job called "trivy"
+ trivy:
+ # The type of runner that the job will run on
+ runs-on: [self-hosted, linux, codebuild]
+
+ # Steps represent a sequence of tasks that will be executed as part of the job
+ steps:
+ # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+ - uses: actions/checkout@v3
+
+ - name: Run Trivy vulnerability scanner in repo mode
+ uses: aquasecurity/trivy-action@0.28.0
+ with:
+ scan-type: "fs"
+ scan-ref: "${{ github.workspace }}"
+ trivy-config: "${{ github.workspace }}/trivy.yml"
diff --git a/README.md b/README.md
index 943f690..38a8af5 100644
--- a/README.md
+++ b/README.md
@@ -9,9 +9,6 @@ Sonar Quality Gate - -Synk Status - GitHub contributors
diff --git a/trivy.yml b/trivy.yml
new file mode 100644
index 0000000..d855a42
--- /dev/null
+++ b/trivy.yml
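Review bot: The workflow declares no `permissions:` block, so the job runs with the repository's default `GITHUB_TOKEN` scopes even though a filesystem scan only needs to read the checkout; adding `permissions:` / `  contents: read` at the top level before `jobs:` keeps the token read-only. Both actions are pinned by mutable tag (`actions/checkout@v3`, `aquasecurity/trivy-action@0.28.0`), so a moved tag would change the code that executes on the self-hosted runner; pinning each to a full commit SHA with the version in a trailing comment is the usual hardening. Because the job runs on `[self-hosted, linux, codebuild]` for every `pull_request`, it is worth confirming who can open PRs that trigger it (forks included if the repository is public), since the checkout lands on infrastructure you operate. The comment above `on:` says "push or pull request" while only `pull_request` is configured, and the opening "basic workflow to help you get started" line is template text; `# Runs a Trivy filesystem scan on pull requests targeting master` would describe what is actually set up.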
@@ -0,0 +1,16 @@
+format: table
+exit-code: 1
+severity:
+ - HIGH
+ - CRITICAL
+skip-files:
+ - db.env
+security-checks:
+ - vuln
+ - secret
+ - license
+vulnerability:
+ type:
+ - os
+ - library
+ ignore-unfixed: true

From a48f78863d8a3d2f442390049b5bed546bd18fe1 Mon Sep 17 00:00:00 2001
From: yeshamavani <83634146+yeshamavani@users.noreply.github.com>
Date: Mon, 27 Oct 2025 18:10:50 +0530
Subject: [PATCH 2/2] chore(docs): update readme

Corrected phrasing in the feedback section.
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 38a8af5..f8141b8 100644
--- a/README.md
+++ b/README.md
@@ -97,7 +97,7 @@ export class MySequence implements SequenceHandler {
 If you've noticed a bug or have a question or have a feature request, [search the issue tracker](https://github.com/sourcefuse/loopback4-helmet/issues) to see if someone else in the community has already created a ticket. If not, go ahead and [make one](https://github.com/sourcefuse/loopback4-helmet/issues/new/choose)!
-All feature requests are welcome. Implementation time may vary. Feel free to contribute the same, if you can.
+All feature requests are welcome. Implementation time may vary. Feel free to contribute to the same, if you can.
 If you think this extension is useful, please [star](https://help.github.com/en/articles/about-stars) it. Appreciation really helps in keeping this project alive.
 ## Contributing
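Review bot: `skip-files: - db.env` exempts a file that by its name looks like environment/credential configuration from every scanner, including the `secret` check enabled a few lines below, so a value committed in that file would never fail the `exit-code: 1` gate; if it is a sample file, a comment such as `# sample values only; excluded from secret scanning` makes the exemption reviewable, and if it carries real values it should not be in the repository at all. The `security-checks` key is the older spelling of what current Trivy exposes as `scanners`; it is worth confirming that the Trivy version bundled with trivy-action 0.28.0 still honours it, since an unrecognised config key may be ignored rather than rejected, which would silently drop the secret and license checks while the job stays green. `ignore-unfixed: true` also suppresses findings that have no upstream fix yet, which is a reasonable noise trade-off but deserves a one-line comment recording that it is intentional.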