Add aquasecurity/trivy-action and aquasecurity/setup-trivy

[lhotari]

Request for adding a new GitHub Action to the allow list

Overview

GitHub Actions for Trivy security scanner.

Name of action:
aquasecurity/trivy-action
aquasecurity/setup-trivy

aquasecurity/trivy-action@57a97c7 requires aquasecurity/setup-trivy@e6c2c5e. That's why these are combined in a single PR.

URL of action:
https://github.com/marketplace/actions/aqua-security-trivy
https://github.com/aquasecurity/trivy-action
https://github.com/aquasecurity/setup-trivy

Version to pin to (hash only):

• aquasecurity/trivy-action: 57a97c7e7821a5776cebc9bb87c984fa69cba8f1
• aquasecurity/setup-trivy e6c2c5e321ed9123bda567646e2f96565e34abe1

Permissions

Related Actions

Checklist

You should be able to check most of these boxes for an action to be considered for review.
Please check all boxes that currently apply:

• The action is listed in the GitHub Actions Marketplace
• The action is not already on the list of approved actions
• The action has a sufficient number of contributors or has contributors within the ASF community
• The action has a clearly defined license
• The action is actively developed or maintained
• The action has CI/unit tests configured

[potiuk]

Just checking. Are you sure of that after 2 security incidents in a month @lhotari ? Or you think they will pay more attention to security now? I kind of lost faith.

[kevinjqliu]

before moving forward, we should probably wait for the conclusion from the ASF's Trivy Security Incident

[lhotari]

Just checking. Are you sure of that after 2 security incidents in a month @lhotari ? Or you think they will pay more attention to security now? I kind of lost faith.

@potiuk Valid point, however the value that Trivy has been providing with the security vulnerability scanning of docker images is very high.

If we were to improve the security of using trivy, creating a custom trivy action would be helpful. That's something that I'm considering. Trivy binaries are signed with cosign/sigstore and it's possible to check that the binaries haven't been tampered after the release. There could also be support for providing a sha256 checksum explicitly.

For runtime execution, it's possible to sandbox trivy with either Docker or a Linux namespaces based sandbox such as
Antropic's Sandbox Runtime (srt), https://github.com/anthropic-experimental/sandbox-runtime which is based on
https://github.com/containers/bubblewrap that is also used by Flatpak for configurable isolation.

When using a docker sandbox, it would be locked down to prevent any other access than the files to scan. It wouldn't be given access to /var/run/docker.sock for example, which is the default way to use trivy image scan. Trivy can also scan a image.tar file. The benefit of Antropic's srt is that it can also lock down network access to specific hosts/domains. That's why I'd prefer srt for this use case.

I'll prototype this approach to sandbox trivy in a custom action.

[lhotari]

I created https://github.com/marketplace/actions/sandboxed-trivy to replace trivy-action. Instead of running the trivy binary directly, it runs the trivy docker image with minimal permissions and without access to /var/run/docker.sock to pull local images.

[lhotari]

replaced by #582