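# Builds the repository's Docker image and scans it with Trivy on every push
# and pull request targeting master. The job fails when the scan reports a
# CRITICAL or HIGH finding that has a fix available.
name: Trivy Security Scan

on:
  push:
    branches: ["master"]
  pull_request:
    branches: ["master"]

# Least privilege: the job only checks out the code and builds/scans locally
# (the image is loaded into the runner's Docker daemon, never pushed), so a
# read-only token is sufficient.
permissions:
  contents: read

jobs:
  build:
    name: Build and Scan
    # The ubuntu-20.04 hosted runner image has been retired by GitHub; jobs
    # requesting that label no longer get scheduled.
    runs-on: ubuntu-22.04
    steps:
      # NOTE(review): every action below is referenced by a mutable tag. A tag
      # can be moved to different code after review; pinning each `uses:` to a
      # full commit SHA (with the tag kept as a trailing comment) makes the
      # workflow's supply chain reproducible. The v1/v2 majors used here are
      # also old releases - confirm current ones before pinning.
      - name: Checkout code
        uses: actions/checkout@v2

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1

      - name: Build an image from Dockerfile
        uses: docker/build-push-action@v2
        with:
          context: .
          # load: true keeps the image on the runner so the scan step can
          # reference it by tag without a registry round trip.
          load: true
          tags: "${{ github.repository }}:${{ github.sha }}"

      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@0.24.0
        with:
          # Must match the tag produced by the build step above.
          image-ref: "${{ github.repository }}:${{ github.sha }}"
          format: "table"
          # A non-zero exit code turns findings into a failed check.
          exit-code: "1"
          # Findings without an available fix are not reported and do not
          # fail the build; they need to be tracked by other means.
          ignore-unfixed: true
          vuln-type: "os,library"
          severity: "CRITICAL,HIGH"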