Skip to content

Scheduled CVE vulnerability scan of published images. #1

Scheduled CVE vulnerability scan of published images.

Scheduled CVE vulnerability scan of published images. #1

name: vulnerability-scan-schedule
run-name: Scheduled CVE vulnerability scan of published images.
env:
REGISTRY: ghcr.io
on:
schedule:
- cron: '0 22 * * 3'
jobs:
vulnerability-scan-schedule:
if: github.event_name == 'schedule'
runs-on: ubuntu-latest
strategy:
matrix:
images: ${{ fromJson(vars.IMAGES) }}
steps:
- uses: actions/checkout@v4
with:
ref: 6.x
- name: Scan for vulnerabilities
id: scan
uses: crazy-max/ghaction-container-scan@v3
with:
image: ${{ env.REGISTRY }}/${{ github.repository }}/${{ matrix.images }}:${{matrix.branches}}
dockerfile: ./images/${{ matrix.images }}
- name: Upload SARIF file
if: ${{ steps.scan.outputs.sarif != '' }}
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: ${{ steps.scan.outputs.sarif }}