Skip to content

Commit

Permalink
implement workflow to scan latest released docker image
Browse files Browse the repository at this point in the history
Signed-off-by: ImpSy <[email protected]>
  • Loading branch information
ImpSy committed Sep 17, 2024
1 parent 9f0c08a commit 4ef0d43
Show file tree
Hide file tree
Showing 2 changed files with 35 additions and 0 deletions.
32 changes: 32 additions & 0 deletions .github/workflows/trivy-image-scanning.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
name: Trivy image scanning
on:
workflow_dispatch:
schedule:
- cron: '0 0 * * 1' # Every Monday at 00:00

jobs:
image-scanning:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Add image to environment
run: make print-IMAGE >> $GITHUB_ENV

- name: trivy scan for github security tab
uses: aquasecurity/[email protected]
with:
image-ref: '${{ env.IMAGE }}'
format: 'sarif'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
output: 'trivy-results.sarif'
timeout: 30m0s

- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: 'trivy-results.sarif'
3 changes: 3 additions & 0 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -101,6 +101,9 @@ version: ## Print version information.
@echo "Git SHA: ${GIT_SHA}"
@echo "Git Version: ${GIT_VERSION}"

.PHONY: print-%
print-%: ; @echo $*=$($*)

##@ Development

.PHONY: manifests
Expand Down

0 comments on commit 4ef0d43

Please sign in to comment.