# Run Trivy Scan - Linux - With Summary

A GitHub Composite Action that runs a Trivy scan for vulnerabilities and generates a consolidated summary report.

## Features

- Installs and configures Trivy for scanning.
- Scans the specified directory for vulnerabilities.
- Supports various scanners (vulnerabilities, misconfigurations, secrets, licenses).
- Consolidates results into a Markdown report and adds a summary to the GitHub Actions workflow run.
## Inputs

| Name | Description | Required | Default |
|---|---|---|---|
| `working_dir` | Working directory for the scan | No | `.` |
| `severity` | Comma-separated severity levels to flag on | No | `LOW,MEDIUM,HIGH,CRITICAL` |
| `type` | Type of scan to run (e.g., `fs` for a filesystem scan) | No | `fs` |
## Outputs

- Generates a Markdown report summarizing detected vulnerabilities.
- Adds the summary report to the job summary of the GitHub Actions run via `$GITHUB_STEP_SUMMARY` (the summary panel shown on the run page, not the step log).
## Usage

```yaml
name: Trivy Scan Workflow
on:
  push:
    branches:
      - main
jobs:
  trivy-scan:
    name: Trivy Scan Analysis
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run Trivy Scan
        uses: Xander-Rudolph/trivy-scan@main
        with:
          severity: "HIGH,CRITICAL"
```

1. Add this composite action to your repository.
2. Include it in your GitHub Actions workflow file, after a checkout step, so the `working_dir` it scans exists on the runner.

The example references the action at `@main`, which is a moving branch. For a step that runs inside your CI with access to your checkout, pin it to a full commit SHA instead (`uses: Xander-Rudolph/trivy-scan@<commit-sha>`) so an upstream change cannot silently alter what executes in your pipeline.
## How It Works

1. **Trivy Installation**: Downloads and installs Trivy from the official repository.
2. **Scan Execution**: Runs a Trivy scan based on the specified inputs (`working_dir`, `severity`, `type`) and writes the results in JSON format.
3. **Report Generation**:
   - Converts the Trivy JSON results into a Markdown summary.
   - Appends the Markdown summary to `reportssummary.md`.
   - Writes the summary to `$GITHUB_STEP_SUMMARY` so it appears in the job summary of the GitHub Actions run.
## Example Report

| Package | Vulnerability ID | Severity | Description |
|---|---|---|---|
| example-pkg | CVE-2023-12345 | HIGH | Example vulnerability description. |
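The JSON-to-Markdown step above is the part most worth understanding, because the report is only as trustworthy as that conversion. The script below is an added example written for this README, not the action's own implementation. It assumes Trivy's JSON schema (`SchemaVersion` 2): a top-level `Results` list whose entries carry an optional `Vulnerabilities` list, and targets with no findings omit that key entirely, which is the edge case a naive converter trips over. It also applies the action's `severity` input (tolerating the stray spaces that a quoted `" HIGH,CRITICAL"` would introduce), orders rows most-severe first, and escapes `|` in advisory titles so a finding cannot break the table. The sample report is constructed; apart from `CVE-2023-12345`, which is the page's own placeholder, its IDs are labelled placeholders, not real advisories, and the `TRIVY_SEVERITY` environment variable name is an assumption.

```python
"""Convert Trivy JSON output into the Markdown summary this action produces.

Added example, not the action's own script. It assumes the Trivy JSON
schema (SchemaVersion 2): a top-level "Results" list whose entries carry
an optional "Vulnerabilities" list; targets with no findings omit the key.
The sample report below is constructed; IDs other than CVE-2023-12345 are
placeholders, not real advisories.
"""
import json
import os
from collections import Counter
from typing import Dict, Iterator, Optional, Set, Tuple

# Order used to sort rows and render counts, most severe first.
SEVERITY_ORDER = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3, "UNKNOWN": 4}

# Constructed sample in the shape of `trivy fs --format json` output.
SAMPLE_TRIVY_JSON = json.dumps({
    "SchemaVersion": 2,
    "Results": [
        # A clean target: Trivy omits "Vulnerabilities" entirely here.
        {"Target": "requirements.txt", "Class": "lang-pkgs", "Type": "pip"},
        {
            "Target": "package-lock.json", "Class": "lang-pkgs", "Type": "npm",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-2023-12345", "PkgName": "example-pkg",
                 "InstalledVersion": "1.0.0", "FixedVersion": "1.0.1",
                 "Severity": "HIGH", "Title": "Example vulnerability description."},
                {"VulnerabilityID": "EXAMPLE-LOW-0001", "PkgName": "other-pkg",
                 "InstalledVersion": "2.3.4", "FixedVersion": "",
                 "Severity": "LOW", "Title": "Low | severity, with a pipe in the title"},
                {"VulnerabilityID": "EXAMPLE-CRIT-0001", "PkgName": "third-pkg",
                 "InstalledVersion": "0.1.0", "FixedVersion": "0.2.0",
                 "Severity": "CRITICAL", "Title": "Critical example finding."},
            ],
        },
    ],
})


def parse_severity_input(value: str) -> Set[str]:
    """Parse the action's comma-separated `severity` input, tolerating stray spaces."""
    return {part.strip().upper() for part in value.split(",") if part.strip()}


def iter_vulnerabilities(report: Dict) -> Iterator[Tuple[str, Dict]]:
    """Yield (target, vulnerability) pairs; `or []` guards missing or null keys."""
    for result in report.get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            yield result.get("Target", ""), vuln


def md_escape(text) -> str:
    """Escape table delimiters and newlines so an advisory title cannot break the table."""
    return str(text).replace("|", "\\|").replace("\r", " ").replace("\n", " ")


def severity_rank(vuln: Dict) -> int:
    return SEVERITY_ORDER.get(str(vuln.get("Severity", "UNKNOWN")).upper(), 9)


def build_summary(report_json: str, severities: str = "LOW,MEDIUM,HIGH,CRITICAL") -> str:
    """Render the Package / Vulnerability ID / Severity / Description table as Markdown."""
    report = json.loads(report_json)
    wanted = parse_severity_input(severities)
    rows = [(target, v) for target, v in iter_vulnerabilities(report)
            if str(v.get("Severity", "UNKNOWN")).upper() in wanted]
    rows.sort(key=lambda tv: (severity_rank(tv[1]), tv[1].get("PkgName", "")))

    lines = ["## Trivy Scan Summary", ""]
    if not rows:
        shown = ", ".join(sorted(wanted, key=lambda s: SEVERITY_ORDER.get(s, 9)))
        lines.append(f"No findings at severity {shown}.")
        return "\n".join(lines) + "\n"

    counts = Counter(str(v.get("Severity", "UNKNOWN")).upper() for _, v in rows)
    lines.append("Findings: " + ", ".join(f"{s}: {counts[s]}" for s in SEVERITY_ORDER if counts[s]))
    lines += ["", "| Package | Vulnerability ID | Severity | Description |", "|---|---|---|---|"]
    for target, v in rows:
        package = f"{v.get('PkgName', '')} {v.get('InstalledVersion', '')} ({target})"
        description = v.get("Title") or v.get("Description") or ""
        if v.get("FixedVersion"):
            description += f" Fixed in {v['FixedVersion']}."
        cells = (package, v.get("VulnerabilityID", ""), v.get("Severity", "UNKNOWN"), description)
        lines.append("| " + " | ".join(md_escape(c) for c in cells) + " |")
    return "\n".join(lines) + "\n"


def write_step_summary(markdown: str, path: Optional[str] = None) -> Optional[str]:
    """Append to the job summary file, as the action does via $GITHUB_STEP_SUMMARY."""
    path = path or os.environ.get("GITHUB_STEP_SUMMARY")
    if not path:
        return None  # not running inside GitHub Actions
    with open(path, "a", encoding="utf-8") as fh:
        fh.write(markdown)
    return path


if __name__ == "__main__":
    # TRIVY_SEVERITY is an assumed variable name for this example, not one the action defines.
    summary = build_summary(SAMPLE_TRIVY_JSON, os.environ.get("TRIVY_SEVERITY", "HIGH,CRITICAL"))
    print(summary, end="")
    write_step_summary(summary)
```

Run it locally with no environment set and it prints the table for the constructed sample; inside a workflow step, `GITHUB_STEP_SUMMARY` is set by the runner and the same Markdown lands in the job summary. Replacing `SAMPLE_TRIVY_JSON` with the contents of a real `trivy fs --format json` output file is the only change needed to use it on a real scan.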
## Notes

- This action uses the Trivy CLI. Refer to the Trivy documentation for more details.
- Ensure your runner has sufficient permissions to install dependencies and execute commands.
- Trivy's `fs` scanner detects language dependencies from the manifest and lock files it recognizes (for example `package-lock.json`, `Gemfile.lock`, `poetry.lock`); make sure those are committed, or the scan will report nothing for that ecosystem and the summary will look clean for the wrong reason.