Aqua

Fix release-drafter config schema #207

	name: Aqua

	on:
	pull_request:
	branches:
	- master

	jobs:
	aqua:
	name: Code scanning
	runs-on: ubuntu-24.04

	permissions:
	contents: read
	id-token: write

	steps:
	- name: Checkout code
	uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	with:
	show-progress: false

	- name: Authenticate to Google Cloud
	id: gcloud-auth
	uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0
	with:
	token_format: access_token
	workload_identity_provider: projects/699052769907/locations/global/workloadIdentityPools/github-identity-pool-shared/providers/github-identity-provider-shared # yamllint disable-line
	service_account: github-gar-widgets@lyrical-carver-335213.iam.gserviceaccount.com

	- name: Authenticate to Artifact Registry
	uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
	with:
	registry: europe-docker.pkg.dev
	username: oauth2accesstoken
	password: ${{ steps.gcloud-auth.outputs.access_token }}

	- name: Run Aqua scanner
	uses: docker://aquasec/aqua-scanner
	env:
	AQUA_KEY: ${{ secrets.AQUA_KEY }}
	AQUA_SECRET: ${{ secrets.AQUA_SECRET }}
	GITHUB_TOKEN: ${{ github.token }}
	AQUA_URL: https://api.eu-1.supply-chain.cloud.aquasec.com
	CSPM_URL: https://eu-1.api.cloudsploit.com
	TRIVY_RUN_AS_PLUGIN: aqua
	TRIVY_DB_REPOSITORY: europe-docker.pkg.dev/lyrical-carver-335213/remote-cache-aquasec/trivy-db:2
	with:
	args: trivy fs --sast --reachability --scanners misconfig,vuln,secret .

Provide feedback