From 96094e02a9590d635428ebe6fc0b09ea41feb571 Mon Sep 17 00:00:00 2001 From: "filip.mihajlovski" Date: Mon, 15 Jan 2024 13:12:53 +0100 Subject: [PATCH 1/6] added trivy in repo scan mode --- .github/workflows/trivy_scan.yml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 .github/workflows/trivy_scan.yml diff --git a/.github/workflows/trivy_scan.yml b/.github/workflows/trivy_scan.yml new file mode 100644 index 0000000..a69b0f4 --- /dev/null +++ b/.github/workflows/trivy_scan.yml @@ -0,0 +1,31 @@ +name: build +on: + push: + branches: [ "master" ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ "master" ] + schedule: + - cron: '28 3 * * 5' + +jobs: + build: + name: Build + runs-on: ubuntu-20.04 + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Run Trivy vulnerability scanner in repo mode + uses: aquasecurity/trivy-action@master + with: + scan-type: 'fs' + ignore-unfixed: true + format: 'sarif' + output: 'trivy-results.sarif' + severity: 'CRITICAL' + + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: 'trivy-results.sarif' \ No newline at end of file From 009028b4d9518797162354b38e1e9a742c4407a3 Mon Sep 17 00:00:00 2001 From: "filip.mihajlovski" Date: Mon, 15 Jan 2024 13:14:24 +0100 Subject: [PATCH 2/6] changed ci name --- .github/workflows/trivy_scan.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/trivy_scan.yml b/.github/workflows/trivy_scan.yml index a69b0f4..af3a83c 100644 --- a/.github/workflows/trivy_scan.yml +++ b/.github/workflows/trivy_scan.yml @@ -1,4 +1,4 @@ -name: build +name: Repo Scan on: push: branches: [ "master" ] @@ -10,7 +10,7 @@ on: jobs: build: - name: Build + name: repo_scan runs-on: ubuntu-20.04 steps: - name: Checkout code From e76e34bd92593ddb2ed17f6a4cfbeb5c950d5f08 Mon Sep 17 00:00:00 2001 
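Review bot: `uses: aquasecurity/trivy-action@master` in the "Run Trivy vulnerability scanner in repo mode" step tracks a mutable branch, so every run executes whatever that branch holds at the time and the scanner that feeds the Security tab is itself an unpinned dependency; pin it to a release tag or, better, a full commit SHA (the checkout and upload-sarif steps are at least tag-pinned). The job also declares no `permissions:` block, and `upload-sarif` needs `security-events: write` (plus `actions: read` on private repositories) — with read-only default token permissions the upload step will fail, so a job-level `permissions:` / `  contents: read` / `  security-events: write` grants exactly what the job uses. The same `@master` pin and missing `permissions:` recur in the docker job added in patch 3 and in the four per-version jobs of patch 6.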
From: "filip.mihajlovski" Date: Mon, 15 Jan 2024 13:24:05 +0100 Subject: [PATCH 3/6] added docker scan mode --- .github/workflows/trivy_scan.yml | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/.github/workflows/trivy_scan.yml b/.github/workflows/trivy_scan.yml index af3a83c..137f92e 100644 --- a/.github/workflows/trivy_scan.yml +++ b/.github/workflows/trivy_scan.yml @@ -9,7 +9,7 @@ on: - cron: '28 3 * * 5' jobs: - build: + repo_scan: name: repo_scan runs-on: ubuntu-20.04 steps: @@ -25,6 +25,31 @@ jobs: output: 'trivy-results.sarif' severity: 'CRITICAL' + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: 'trivy-results.sarif' + + + docker_scan: + name: docker_scan + runs-on: ubuntu-20.04 + steps: + + - name: Checkout code + uses: actions/checkout@v3 + + - name: Build an image from Dockerfile + run: | + docker build -t keitaro/ckan/2.10:${{ github.sha }} -f ./images/ckan/2.10/Dockerfile . + + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: 'keitaro/ckan/2.10:${{ github.sha }}' + format: 'sarif' + output: 'trivy-results.sarif' + - name: Upload Trivy scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v2 with: From 50eeb66a5bd9281c20ff0887528b525b3215c64c Mon Sep 17 00:00:00 2001 From: "filip.mihajlovski" Date: Mon, 15 Jan 2024 13:45:40 +0100 Subject: [PATCH 4/6] changed docker build tar --- .github/workflows/trivy_scan.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/trivy_scan.yml b/.github/workflows/trivy_scan.yml index 137f92e..1020856 100644 --- a/.github/workflows/trivy_scan.yml +++ b/.github/workflows/trivy_scan.yml 
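Review bot: The Trivy step of the new `docker_scan` job runs with default filters, whereas the repo-scan job above it sets `severity: 'CRITICAL'` and `ignore-unfixed: true`, so the two jobs report against different criteria; if that is deliberate, a comment on the step such as `# image scan reports all severities, fixed or not, by design` would record it, otherwise copy the two inputs. Neither job sets `exit-code`, so a finding never fails the job and only appears in the Security tab — fine for an informational scan, but worth stating in a comment on the step so nobody assumes the workflow gates merges. The job's final upload step ends outside the hunk; its `sarif_file` line is in the unchanged context that follows.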
@@ -41,7 +41,7 @@ jobs: - name: Build an image from Dockerfile run: | - docker build -t keitaro/ckan/2.10:${{ github.sha }} -f ./images/ckan/2.10/Dockerfile . + docker build -t keitaro/ckan/2.10:${{ github.sha }} -f ./images/ckan/2.10/Dockerfile ./images/ckan/2.10/ - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master From 232f7de6aca39f23a6c99f45893cf23cc05165c0 Mon Sep 17 00:00:00 2001 From: "filip.mihajlovski" Date: Mon, 15 Jan 2024 13:54:34 +0100 Subject: [PATCH 5/6] added ckan versions to be scanned --- .github/workflows/trivy_scan.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/trivy_scan.yml b/.github/workflows/trivy_scan.yml index 1020856..5d51dfb 100644 --- a/.github/workflows/trivy_scan.yml +++ b/.github/workflows/trivy_scan.yml @@ -42,11 +42,14 @@ jobs: - name: Build an image from Dockerfile run: | docker build -t keitaro/ckan/2.10:${{ github.sha }} -f ./images/ckan/2.10/Dockerfile ./images/ckan/2.10/ + docker build -t keitaro/ckan/2.10-focal:${{ github.sha }} -f ./images/ckan/2.10/Dockerfile.focal ./images/ckan/2.10/ + docker build -t keitaro/ckan/2.9:${{ github.sha }} -f ./images/ckan/2.9/Dockerfile ./images/ckan/2.9/ + docker build -t keitaro/ckan/2.9-focal:${{ github.sha }} -f ./images/ckan/2.9/Dockerfile.focal ./images/ckan/2.9/ - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: 'keitaro/ckan/2.10:${{ github.sha }}' + image-ref: 'keitaro/ckan/2.10:${{ github.sha }},keitaro/ckan/2.10-focal:${{ github.sha }}' format: 'sarif' output: 'trivy-results.sarif' From efdf8f19f986c3ebf04619839a23d4e6b97d703f Mon Sep 17 00:00:00 2001 From: "filip.mihajlovski" Date: Mon, 15 Jan 2024 16:21:57 +0100 Subject: [PATCH 6/6] added more actions for 2.9 and 2.10 ckan versions --- .github/workflows/trivy_scan.yml | 76 ++++++++++++++++++++++++++++++-- 1 file changed, 73 insertions(+), 3 deletions(-) 
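Review bot: `image-ref: 'keitaro/ckan/2.10:${{ github.sha }},keitaro/ckan/2.10-focal:${{ github.sha }}'` joins two references in one input, but trivy-action appears to forward `image-ref` as the single image argument of `trivy image`, so the comma-joined value is unlikely to scan both, and the two 2.9 images built in the same `run:` block are never passed to the scanner at all. The next patch in the series splits this into one job per image, which resolves it; squashing the two commits would avoid a revision where the build step and the scan step disagree about what is covered.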
diff --git a/.github/workflows/trivy_scan.yml b/.github/workflows/trivy_scan.yml index 5d51dfb..e7e182f 100644 --- a/.github/workflows/trivy_scan.yml +++ b/.github/workflows/trivy_scan.yml @@ -31,8 +31,8 @@ jobs: sarif_file: 'trivy-results.sarif' - docker_scan: - name: docker_scan + scan_2_10: + name: scan_2_10 runs-on: ubuntu-20.04 steps: 
@@ -42,14 +42,84 @@ jobs: - name: Build an image from Dockerfile run: | docker build -t keitaro/ckan/2.10:${{ github.sha }} -f ./images/ckan/2.10/Dockerfile ./images/ckan/2.10/ + + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: 'keitaro/ckan/2.10:${{ github.sha }}' + format: 'sarif' + output: 'trivy-results.sarif' + + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: 'trivy-results.sarif' + + + scan_2_10_focal: + name: scan_2_10_focal + runs-on: ubuntu-20.04 + steps: + + - name: Checkout code + uses: actions/checkout@v3 + + - name: Build an image from Dockerfile + run: | docker build -t keitaro/ckan/2.10-focal:${{ github.sha }} -f ./images/ckan/2.10/Dockerfile.focal ./images/ckan/2.10/ + + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: 'keitaro/ckan/2.10-focal:${{ github.sha }}' + format: 'sarif' + output: 'trivy-results.sarif' + + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: 'trivy-results.sarif' + + scan_2_9: + name: scan_2_9 + runs-on: ubuntu-20.04 + steps: + + - name: Checkout code + uses: actions/checkout@v3 + + - name: Build an image from Dockerfile + run: | docker build -t keitaro/ckan/2.9:${{ github.sha }} -f ./images/ckan/2.9/Dockerfile ./images/ckan/2.9/ + + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: 'keitaro/ckan/2.9:${{ github.sha }}' + format: 'sarif' + output: 'trivy-results.sarif' + + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: 'trivy-results.sarif' + + scan_2_9_focal: + name: scan_2_9_focal + runs-on: ubuntu-20.04 + steps: + + - name: Checkout code + uses: actions/checkout@v3 + + - name: Build an image from Dockerfile + run: | docker build -t 
keitaro/ckan/2.9-focal:${{ github.sha }} -f ./images/ckan/2.9/Dockerfile.focal ./images/ckan/2.9/ - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: 'keitaro/ckan/2.10:${{ github.sha }},keitaro/ckan/2.10-focal:${{ github.sha }}' + image-ref: 'keitaro/ckan/2.9-focal:${{ github.sha }}' format: 'sarif' output: 'trivy-results.sarif'
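Review bot: All four jobs upload the same `trivy-results.sarif` through `upload-sarif@v2` without a `category`, and GitHub distinguishes analyses of the same tool and commit by category, so the four uploads may replace one another instead of appearing side by side; add a distinct `category: 'trivy-ckan-2.10'` (and so on) to each upload step — the `scan_2_9_focal` upload step sits in the unchanged lines after the hunk. The four jobs differ only in tag, Dockerfile and build context, so a single job with a `strategy.matrix` `include` list expresses the same four scans without the copied blocks and makes adding the next CKAN version a three-line change. The `${{ matrix.* }}` values are fixed in the file, so interpolating them into `run:` introduces no untrusted input.

```yaml
  image_scan:
    name: scan_${{ matrix.tag }}
    runs-on: ubuntu-20.04
    strategy:
      fail-fast: false
      matrix:
        include:
          - tag: "2.10"
            dockerfile: ./images/ckan/2.10/Dockerfile
            context: ./images/ckan/2.10/
          - tag: "2.10-focal"
            dockerfile: ./images/ckan/2.10/Dockerfile.focal
            context: ./images/ckan/2.10/
          - tag: "2.9"
            dockerfile: ./images/ckan/2.9/Dockerfile
            context: ./images/ckan/2.9/
          - tag: "2.9-focal"
            dockerfile: ./images/ckan/2.9/Dockerfile.focal
            context: ./images/ckan/2.9/
    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Build an image from Dockerfile
        run: |
          docker build -t keitaro/ckan/${{ matrix.tag }}:${{ github.sha }} -f ${{ matrix.dockerfile }} ${{ matrix.context }}

      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master  # pin to a release tag or commit SHA
        with:
          image-ref: 'keitaro/ckan/${{ matrix.tag }}:${{ github.sha }}'
          format: 'sarif'
          output: 'trivy-results.sarif'

      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: 'trivy-results.sarif'
          category: 'trivy-ckan-${{ matrix.tag }}'
```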