Add vulnerability scanning
vremenar authored and jveski committed May 22, 2024
1 parent 34229dd commit 31d44ed
Showing 1 changed file with 12 additions and 1 deletion.
13 changes: 12 additions & 1 deletion .github/workflows/docker-image.yml
Expand Up @@ -36,6 +36,8 @@ jobs:
- name: Get current date
id: date
run: echo "::set-output name=date::$(date +'%Y-%m-%d')"
- name: Perform Scan
uses: ShiftLeftSecurity/scan-action@master
- name: Build and push
uses: docker/build-push-action@v5
with:
Expand All @@ -46,4 +48,13 @@ jobs:
${{ env.GHCR }}/vremenar/${{ env.IMAGENAME }}:latest
${{ env.GHCR }}/vremenar/${{ env.IMAGENAME }}:${{ steps.date.outputs.date }}
${{ env.DOCKER }}/vremenar/${{ env.IMAGENAME }}:latest
${{ env.DOCKER }}/vremenar/${{ env.IMAGENAME }}:${{ steps.date.outputs.date }}
${{ env.DOCKER }}/vremenar/${{ env.IMAGENAME }}:${{ steps.date.outputs.date }}
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: '${{ env.GHCR }}/vremenar/${{ env.IMAGENAME }}:latest'
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
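Review bot: The Trivy step is placed after `Build and push`, so `exit-code: '1'` can only fail the job once the image has (presumably; the push settings are outside the visible hunks) already been published under `latest` and the date tag. A CRITICAL or HIGH finding turns the run red but does not keep the image out of GHCR or Docker Hub. To make the scan a gate, build first with `push: false` and `load: true` (this works for a single-platform build), point `image-ref` at that local tag, and push only in a later step that runs after the scan passes. Scanning `:latest` from the registry also means the result may not describe the image this run built if another run pushes in between; a local tag or the build step's digest avoids that. Both new steps reference third-party actions by a mutable branch, `ShiftLeftSecurity/scan-action@master` and `aquasecurity/trivy-action@master`, in a job that holds registry credentials; pin each to a full commit SHA, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha>  # <release tag>`.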
