alma · gdraynz · Oct 9, 2024
@@ -1,30 +1,15 @@
 name: Aqua
+
 on:
   pull_request:
     branches:
       - main
+      - develop
 
 jobs:
   aqua:
     name: Aqua scanner
-    runs-on: ubuntu-22.04
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Run Aqua scanner
-        uses: docker://aquasec/aqua-scanner
-        with:
-          args: trivy fs --sast --reachability --scanners misconfig,vuln,secret .
-          # To customize which severities add the following flag: --severity UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
-          # To enable SAST scanning, add: --sast
-          # To enable reachability scanning, add: --reachability
-          # To enable npm/dotnet non-lock file scanning, add: --package-json / --dotnet-proj
-        env:
-          AQUA_KEY: ${{ secrets.AQUA_KEY }}
-          AQUA_SECRET: ${{ secrets.AQUA_SECRET }}
-          GITHUB_TOKEN: ${{ github.token }}
-          AQUA_URL: https://api.eu-1.supply-chain.cloud.aquasec.com
-          CSPM_URL: https://eu-1.api.cloudsploit.com
-          TRIVY_RUN_AS_PLUGIN: "aqua"
-          # For http/https proxy configuration add env vars: HTTP_PROXY/HTTPS_PROXY, CA-CRET (path to CA certificate)
+    uses: alma/actions/.github/workflows/aqua.yml@v3
+    secrets: inherit
+    with:
+      service-account: github-gar-almasyliuspaymentpl@lyrical-carver-335213.iam.gserviceaccount.com