Skip to content

Scheduled Security Scan #4

Scheduled Security Scan

Scheduled Security Scan #4

name: Scheduled Security Scan
on:
schedule:
- cron: '0 2 * * 1' # Every Monday 2 AM
workflow_dispatch:
permissions:
contents: read
security-events: write
jobs:
full-scan:
name: Weekly Full Vulnerability Scan
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run Trivy filesystem scan
uses: aquasecurity/trivy-action@master
with:
scan-type: fs
scan-ref: .
format: sarif
output: weekly-trivy.sarif
severity: MEDIUM,HIGH,CRITICAL
- name: Upload SARIF
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: weekly-trivy.sarif
category: weekly-scan