trivy-scan.yml
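# CI workflow: runs a Trivy filesystem scan against go.mod on pushes and pull
# requests targeting main. The scan step exits non-zero on HIGH or CRITICAL
# findings, which fails the job.
name: Trivy Vulnerability Scan

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

# Least privilege: every step only reads the checked-out tree, so the
# GITHUB_TOKEN is restricted to read-only repository contents.
permissions:
  contents: read

jobs:
  trivy-scan:
    name: Run Trivy Vulnerability Scan
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): action refs below are mutable tags. For supply-chain
      # hardening, pin each one to a full commit SHA, e.g.
      # actions/checkout@<FULL_COMMIT_SHA_PLACEHOLDER>.
      - name: Check out the code
        uses: actions/checkout@v4
        with:
          # No later step pushes or fetches, so do not leave the token in
          # the local git config where later steps could read it.
          persist-credentials: false
      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: '^1.17'  # Specify the Go version to match your project requirements
      - name: Install Trivy
        run: |
          # The default run shell does not set pipefail; without it a failed
          # key download would be masked by the rest of the pipeline.
          set -euo pipefail
          sudo apt-get update
          sudo apt-get install -y wget gnupg apt-transport-https software-properties-common
          # Store the repository key in its own keyring and bind it to this
          # one source with signed-by. The deprecated `apt-key add` would
          # instead trust the key for every configured apt repository.
          wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key \
            | gpg --dearmor \
            | sudo tee /usr/share/keyrings/trivy.gpg > /dev/null
          echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" \
            | sudo tee -a /etc/apt/sources.list.d/trivy.list
          sudo apt-get update
          # NOTE(review): this installs whatever Trivy version the repository
          # currently serves; pin a version if reproducible scans matter.
          sudo apt-get install -y trivy
      # NOTE(review): only go.mod is passed to the scanner. Confirm whether
      # go.sum or other manifests in the repository should be covered too.
      - name: Run Trivy filesystem scan on go.mod
        run: trivy fs --exit-code 1 --no-progress --severity HIGH,CRITICAL ./go.mod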