From 8f5b5e1499236ef5fc0fc5acdceb173f44992b9a Mon Sep 17 00:00:00 2001
From: Khalid <187553667+Hayyaaf@users.noreply.github.com>
Date: Wed, 20 Nov 2024 14:04:03 +0300
Subject: [PATCH] Add GitHub Actions workflow to scan Docker images
Signed-off-by: Khalid <187553667+Hayyaaf@users.noreply.github.com>
---
 .github/workflows/docker-scan.yml | 52 +++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)
 create mode 100644 .github/workflows/docker-scan.yml
diff --git a/.github/workflows/docker-scan.yml b/.github/workflows/docker-scan.yml
new file mode 100644
index 00000000..2ee3b7a5
--- /dev/null
+++ b/.github/workflows/docker-scan.yml
@@ -0,0 +1,52 @@
+name: Build and Scan Docker Images
+
+on:
+ workflow_dispatch:
+
+jobs:
+ build-and-scan:
+ name: ${{ matrix.folder }}
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ matrix:
+ folder: ["curl", "httpd", "locust", "nginx", "wireshark"]
+
+ steps:
+ - name: Checkout Repository
+ uses: actions/checkout@v4.2.2
+
+ - name: Log in to Docker Hub
+ # Required for Docker Scout
+ uses: docker/login-action@v3.3.0
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_PASSWORD }}
+
+ - name: Build Docker Image
+ run: |
+ FILES=$(find ./${{ matrix.folder }} -type f -iname 'dockerfile*')
+ if [ -z "$FILES" ]; then
+ echo "No Dockerfiles found in folder: ${{ matrix.folder }}. Skipping build."
+ exit 1
+ fi
+
+ for FILE in $FILES; do
+ IMAGE_NAME="${{ matrix.folder }}-$(basename $FILE | tr '[:upper:]' '[:lower:]' | tr -cd '[:alnum:]-')"
+ echo "Building Docker image: $IMAGE_NAME using $FILE"
+ docker build -t $IMAGE_NAME -f $FILE ./${{ matrix.folder }}
+ echo "IMAGE_NAME=$IMAGE_NAME" >> $GITHUB_ENV
+ done
+
+ - name: Scan Docker Image
+ uses: docker/scout-action@v1.15.1
+ with:
+ image: ${{ env.IMAGE_NAME }}
+ command: cves,recommendations
+ sarif-file: sarif.output.json
+
+ - name: Export the Results
+ uses: actions/upload-artifact@v4.4.3
+ with:
+ name: docker-scout-sarif-${{ matrix.folder }}
+ path: sarif.output.json
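Review bot: Only the last Dockerfile found in a folder is actually scanned, because the build loop overwrites `IMAGE_NAME` in `$GITHUB_ENV` on every iteration and the `Scan Docker Image` step reads the single `${{ env.IMAGE_NAME }}`, so any earlier image built in that loop never reaches Docker Scout and its findings are silently missing from the SARIF artifact. Either fail the build step when more than one Dockerfile is found, or make the Dockerfile itself a matrix dimension so each image gets its own scan and its own `docker-scout-sarif-*` artifact. The `echo` before `exit 1` says "Skipping build." but the step then fails the job; one of the two should change so the log matches the outcome. The workflow sets no `permissions:`, so the job runs with the repository's default token scope even though checkout and artifact upload need only `permissions:` / `contents: read` at the top level. The actions are pinned to version tags (`actions/checkout@v4.2.2` and the others), which a compromised tag can be moved to new code; pinning each to the full commit SHA of that release (e.g. `uses: actions/checkout@<FULL_COMMIT_SHA> # v4.2.2`) removes that supply-chain exposure.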