feat(ci-cd): add trivy scan (#240)

vaibhavbhalla2505 · Vaibhav  Bhalla · yeshamavani · web-flow · commit 8bea38faeb13 · 2025-10-27T18:29:30.000+05:30
add trivy scan and fix sonarqube issues GH-239 Co-authored-by: Vaibhav Bhalla <vaibhav.bhalla@SFSupports-MacBook-Air.local> Co-authored-by: yeshamavani <83634146+yeshamavani@users.noreply.github.com>
diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml
@@ -0,0 +1,29 @@
+# This is a basic workflow to help you get started with Actions
+
+name: Trivy Scan
+
+# Controls when the action will run. Triggers the workflow on push or pull request
+# events but only for the master branch
+on:
+  pull_request:
+    branches: [master]
+    types: [opened, synchronize, reopened]
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  # This workflow contains a single job called "trivy"
+  trivy:
+    # The type of runner that the job will run on
+    runs-on: [self-hosted, linux, codebuild]
+
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+      - uses: actions/checkout@v3
+
+      - name: Run Trivy vulnerability scanner in repo mode
+        uses: aquasecurity/trivy-action@0.28.0
+        with:
+          scan-type: "fs"
+          scan-ref: "${{ github.workspace }}"
+          trivy-config: "${{ github.workspace }}/trivy.yml"
diff --git a/README.md b/README.md
@@ -9,9 +9,6 @@
 <a href="https://sonarcloud.io/summary/new_code?id=sourcefuse_loopback4-notifications" target="_blank">
 <img alt="Sonar Quality Gate" src="https://img.shields.io/sonar/quality_gate/sourcefuse_loopback4-notifications?server=https%3A%2F%2Fsonarcloud.io">
 </a>
-<a href="https://app.snyk.io/org/ashishkaushik/reporting?context[page]=issues-detail&project_target=%255B%2522sourcefuse%252Floopback4-notifications%2522%255D&project_origin=%255B%2522github%2522%255D&issue_status=%255B%2522Open%2522%255D&issue_by=Severity&table_issues_detail_cols=SCORE%257CCVE%257CCWE%257CPROJECT%257CEXPLOIT%2520MATURITY%257CAUTO%2520FIXABLE%257CINTRODUCED%257CSNYK%2520PRODUCT&v=1">
-<img alt="Synk Status" src="https://img.shields.io/badge/SYNK_SECURITY-MONITORED-GREEN">
-</a>
 <a href="https://github.com/sourcefuse/loopback4-notifications/graphs/contributors" target="_blank">
 <img alt="GitHub contributors" src="https://img.shields.io/github/contributors/sourcefuse/loopback4-notifications">
 </a>
diff --git a/src/providers/push/pubnub/pubnub.provider.ts b/src/providers/push/pubnub/pubnub.provider.ts
@@ -23,14 +23,11 @@ export class PubNubProvider implements Provider<PubNubNotification> {
 
   pubnubService: Pubnub;
   getGeneralMessageObject(message: PubNubMessage) {
-    const commonDataNotification: MessageConfig = Object.assign(
-      {
-        title: message.subject ?? '',
-        description: message.body,
-        body: message.body,
-      },
-      message.options,
-    );
+    const commonDataNotification: MessageConfig = {
+      title: message.subject ?? '',
+      description: message.body,
+      ...message.options,
+    };
     const pnFcm = {
       data: {
         ...commonDataNotification,
diff --git a/src/providers/sms/twilio/twilio.provider.ts b/src/providers/sms/twilio/twilio.provider.ts
@@ -39,26 +39,19 @@ export class TwilioProvider implements Provider<TwilioNotification> {
         }
         const publishes = message.receiver.to.map(async receiver => {
           const msg: string = message.body;
+          const isSMS: boolean =
+            receiver.type === TwilioSubscriberType.TextSMSUser;
           const twilioMsgObj: TwilioCreateMessageParams = {
             body: msg,
-            from:
-              receiver.type &&
-              receiver.type === TwilioSubscriberType.TextSMSUser
-                ? String(this.twilioConfig?.smsFrom)
-                : String(this.twilioConfig?.waFrom),
-            to:
-              receiver.type &&
-              receiver.type === TwilioSubscriberType.TextSMSUser
-                ? `+${receiver.id}`
-                : `whatsapp:+${receiver.id}`,
+            from: isSMS
+              ? String(this.twilioConfig?.smsFrom)
+              : String(this.twilioConfig?.waFrom),
+            to: isSMS ? `+${receiver.id}` : `whatsapp:+${receiver.id}`,
+            mediaUrl: message.mediaUrl,
           };
 
           // eslint-disable-next-line no-unused-expressions
-          message.mediaUrl && (twilioMsgObj.mediaUrl = message.mediaUrl);
-
-          // eslint-disable-next-line no-unused-expressions
-          receiver.type &&
-            receiver.type === TwilioSubscriberType.TextSMSUser &&
+          isSMS &&
             this.twilioConfig?.smsStatusCallback &&
             (twilioMsgObj.statusCallback =
               this.twilioConfig?.smsStatusCallback);
diff --git a/trivy.yml b/trivy.yml
@@ -0,0 +1,16 @@
+format: table
+exit-code: 1
+severity:
+  - HIGH
+  - CRITICAL
+skip-files:
+  - db.env
+security-checks:
+  - vuln
+  - secret
+  - license
+vulnerability:
+  type:
+    - os
+    - library
+  ignore-unfixed: true
