[DDS-2006] Added separate vul14y workflows for 5.x and 6.x
GROwen committed Aug 15, 2024
1 parent 5a34cf9 commit d2838e3
Showing 2 changed files with 31 additions and 0 deletions.
31 changes: 31 additions & 0 deletions .github/workflows/vulnerability-scan-schedule-5x.yml
@@ -0,0 +1,31 @@
name: vulnerability-scan-schedule
run-name: Scheduled CVE vulnerability scan of published images.
env:
REGISTRY: ghcr.io
on:
schedule:
- cron: '0 22 * * 3'
jobs:
vulnerability-scan-schedule:
if: github.event_name == 'schedule'
runs-on: ubuntu-latest
strategy:
matrix:
images: ${{ fromJson(vars.IMAGES) }}
exclude:
- images: mailpit
steps:
- uses: actions/checkout@v4
with:
ref: 5.x
- name: Scan for vulnerabilities
id: scan
uses: crazy-max/ghaction-container-scan@v3
with:
image: ${{ env.REGISTRY }}/${{ github.repository }}/${{ matrix.images }}:${{matrix.branches}}
dockerfile: ./images/${{ matrix.images }}
- name: Upload SARIF file
if: ${{ steps.scan.outputs.sarif != '' }}
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: ${{ steps.scan.outputs.sarif }}
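
Review bot: `${{matrix.branches}}` in the `image:` input of the "Scan for vulnerabilities" step has no matching matrix dimension. The `strategy.matrix` above defines only `images` (plus an `exclude`), so as written the expression evaluates to an empty string and the image reference ends in a bare `:`. Since this is the 5.x workflow and it already checks out `ref: 5.x`, either hard-code the tag used for the published 5.x images or add a `branches` list to the matrix. Separately, the job declares no `permissions:` block; `upload-sarif` needs `security-events: write`, and stating it explicitly keeps the scheduled run from depending on the repository's default token permissions.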
