Skip to content

Rebuild all

Rebuild all #235

Workflow file for this run

name: Security Scans
on:
schedule: # weekly
- cron: '0 0 * * 0'
push:
pull_request:
workflow_dispatch:
jobs:
security-scanning:
name: "${{ matrix.DEPLOYMENT_NAME }} -- Security"
runs-on: ubuntu-22.04
strategy:
max-parallel: 5
fail-fast: false
matrix:
DEPLOYMENT_NAME: [ jwebbinar, roman, tike]
USE_FROZEN: [ 0 ]
steps:
- name: Checkout Code
uses: actions/checkout@v3
- name: Set up Python 3.8
uses: actions/setup-python@v2
with:
python-version: 3.8
- name: Set Up Environment
shell: bash
run: |
scripts/image-configure ${{ matrix.DEPLOYMENT_NAME }} --use-frozen ${{ matrix.USE_FROZEN }}
pip install -r requirements.txt
df -h
- name: Bandit Scan
shell: bash
continue-on-error: false
run: |
source setup-env
scripts/sscan-bandit
- name: Run Trivy vulnerability scanner on file system
uses: aquasecurity/trivy-action@master
with:
scan-type: fs
ignore-unfixed: true
format: table
vuln-type: os,library
severity: 'CRITICAL,HIGH,MEDIUM'
scan-ref: deployments/${{ matrix.DEPLOYMENT_NAME }}/env-frozen
# - name: Anchore Scan
# uses: anchore/scan-action@v3
# with:
# fail-build: true
# severity-cutoff: high
# output-format: table
# path: deployments/${{ matrix.DEPLOYMENT_NAME }}/env-frozen