From 0105373003c89c494a3f436bd5efc57f3ac1ca20 Mon Sep 17 00:00:00 2001 From: simar7 <1254783+simar7@users.noreply.github.com> Date: Wed, 29 Jun 2022 14:34:09 -0700 Subject: [PATCH] docs(trivy): Add instructions to scan tarballs. (#134) Signed-off-by: Simar --- README.md | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/README.md b/README.md index 3597d00..5a41974 100644 --- a/README.md +++ b/README.md @@ -51,6 +51,35 @@ jobs: severity: 'CRITICAL,HIGH' ``` + +### Scanning a Tarball +```yaml +name: build +on: + push: + branches: + - master + pull_request: +jobs: + build: + name: Build + runs-on: ubuntu-20.04 + steps: + - name: Checkout code + uses: actions/checkout@v2 + + - name: Generate tarball from image + run: | + docker pull + docker save -o vuln-image.tar + + - name: Run Trivy vulnerability scanner in tarball mode + uses: aquasecurity/trivy-action@master + with: + input: /github/workspace/vuln-image.tar + severity: 'CRITICAL,HIGH' +``` + ### Using Trivy with GitHub Code Scanning If you have [GitHub code scanning](https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/about-code-scanning) available you can use Trivy as a scanning tool as follows: ```yaml
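Review bot: the two shell commands in the new "Scanning a Tarball" step are missing their image argument, so the documented workflow fails as written: `docker pull` and `docker save -o vuln-image.tar` both need an image reference (the placeholder was probably dropped with the surrounding angle brackets). Suggest writing them as `docker pull <IMAGE>` and `docker save -o vuln-image.tar <IMAGE>` with a short sentence above the block telling the reader to substitute the image they built, so the `input: /github/workspace/vuln-image.tar` path in the Trivy step actually receives a tarball. Minor: the example pins `aquasecurity/trivy-action@master`, a moving ref; if the rest of the README switches to a tagged release or commit SHA, this block should follow.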