Skip to content

Commit

Permalink
ci: add trivy to scan docker image
Browse files Browse the repository at this point in the history
  • Loading branch information
cfabianski committed Aug 23, 2023
1 parent a8d6567 commit 0c71af5
Show file tree
Hide file tree
Showing 2 changed files with 20 additions and 0 deletions.
10 changes: 10 additions & 0 deletions .github/workflows/canary.yml
Original file line number Diff line number Diff line change
Expand Up @@ -137,3 +137,13 @@ jobs:
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}

- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: "docker.io/bearer/bearer:canary-amd64"
format: "table"
exit-code: 0
ignore-unfixed: true
vuln-type: "os,library"
severity: "CRITICAL,HIGH"
10 changes: 10 additions & 0 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -141,3 +141,13 @@ jobs:
DISCORD_WEBHOOK_ID: ${{ secrets.DISCORD_WEBHOOK_ID }}
DISCORD_WEBHOOK_TOKEN: ${{ secrets.DISCORD_WEBHOOK_TOKEN }}
FURY_TOKEN: ${{ secrets.FURY_TOKEN }}

- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: "docker.io/bearer/bearer:latest"
format: "table"
exit-code: 0
ignore-unfixed: true
vuln-type: "os,library"
severity: "CRITICAL,HIGH"

0 comments on commit 0c71af5

Please sign in to comment.