tum
/
soc


			
				
					
						
						
							12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576
							# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.

name: Trivy scan Wazuh manager

on:
  release:
    types:
    - published
  pull_request:
    branches:
      - main
  schedule:
    - cron: '34 2 * * 1'
  workflow_dispatch:

permissions:
  contents: read

jobs:
  build:
    permissions:
      contents: read # for actions/checkout to fetch code
      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results

    name: Build images and upload Trivy results
    runs-on: "ubuntu-22.04"
    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Installing dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y jq

      - name: Checkout latest tag
        run: |
          latest=$(curl -s "https://api.github.com/repos/wazuh/wazuh-docker/releases/latest" | jq -r '.tag_name')
          git fetch origin
          git checkout $latest

      - name: Build Wazuh images
        run: build-docker-images/build-images.sh

      - name: Create enviroment variables
        run: |
          cat .env > $GITHUB_ENV
          echo "GITHUB_REF_NAME="${GITHUB_REF_NAME%/*} >> $GITHUB_ENV

      - name: Run Trivy vulnerability scanner for Wazuh manager
        uses: aquasecurity/trivy-action@2a2157eb22c08c9a1fac99263430307b8d1bc7a2
        with:
          image-ref: 'wazuh/wazuh-manager:${{env.WAZUH_IMAGE_VERSION}}'
          format: 'template'
          template: '@/contrib/sarif.tpl'
          output: 'trivy-results-manager.sarif'
          severity: 'LOW,MEDIUM,CRITICAL,HIGH'

      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: 'trivy-results-manager.sarif'

      - name: Slack notification
        uses: rtCamp/action-slack-notify@v2
        env:
          SLACK_CHANNEL: cicd-monitoring
          SLACK_COLOR: ${{ job.status }} # or a specific color like 'good' or '#ff00ff'
          #SLACK_ICON: https://github.com/rtCamp.png?size=48
          SLACK_MESSAGE: "Check the results: https://github.com/wazuh/wazuh-docker/security/code-scanning?query=is%3Aopen+branch%3A${{ env.GITHUB_REF_NAME }}"
          SLACK_TITLE: Wazuh docker Trivy vulnerability scan finished.
          SLACK_USERNAME: github_actions
          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}