Commit

Updated 5.x scan to reusable workflow.
GROwen committed Aug 30, 2024
1 parent 99188fa commit 7fc0ba7
Showing 1 changed file with 4 additions and 17 deletions.
21 changes: 4 additions & 17 deletions .github/workflows/vulnerability-scan-schedule-5x.yml
@@ -1,5 +1,5 @@
name: vulnerability-scan-schedule
run-name: Scheduled CVE vulnerability scan of published images.
name: vulnerability-scan-schedule-5.x
run-name: Scheduled CVE vulnerability scan of 5.x published images.
env:
REGISTRY: ghcr.io
on:
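Review bot: the workflow-level `env:` block with `REGISTRY: ghcr.io` is kept here, but it will not do what it did before once the scan runs in a reusable workflow. Caller-level `env` is not propagated to a called workflow, and the `env` context is not available in a job-level `with:`. If the image reference is still built from `env.REGISTRY`, pass the registry as an explicit input or write `ghcr.io` literally in the `with:` value, and drop the `env:` block if nothing else reads it.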
Expand All @@ -15,23 +15,10 @@ jobs:
exclude:
- images: mailpit
steps:
- uses: actions/checkout@v4
with:
ref: 5.x
- name: Scan for vulnerabilities
- name: Scan for vulnerabilities on 5.x tags
id: scan
uses: crazy-max/ghaction-container-scan@v3
uses: dpc-sdp/bay/.github/workflows/vulnerability-scan-schedule.yml@feature/specify-branch-on-scan-5.x
with:
image: ${{ env.REGISTRY }}/${{ github.repository }}/${{ matrix.images }}:5.x
annotations: true
dockerfile: ./images/${{ matrix.images }}
- name: Upload SARIF file for review.
uses: actions/upload-artifact@v3
with:
path: ${{ steps.scan.outputs.sarif}}
retention-days: 7
- name: Upload SARIF file
if: ${{ steps.scan.outputs.sarif != '' }}
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: ${{ steps.scan.outputs.sarif }}
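Review bot: `uses: dpc-sdp/bay/.github/workflows/vulnerability-scan-schedule.yml@feature/specify-branch-on-scan-5.x` sits inside a `steps:` entry, but a reusable workflow can only be called at job level (`jobs.<job_id>.uses`), and a job that calls one cannot also define `steps`. A step-level `uses` is resolved as an action, so this will fail. Move the call up to the job, keep the matrix there, and pass `image`, `annotations` and `dockerfile` through the job's `with:`; those names must match inputs declared under `on.workflow_call` in the called file, which is not visible in this diff. The ref is also a feature branch, which is mutable and likely to disappear after merge, so pin to a commit SHA or a release tag before this lands. Finally, going by the hunk's 23 to 10 line count, both SARIF upload steps are removed and `id: scan` no longer has a consumer; confirm the called workflow uploads SARIF itself, otherwise code scanning results for 5.x stop silently.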
