Skip to content

Commit

Permalink
👷 [maykinmedia/objects-api#463] Add trivy image scan
Browse files Browse the repository at this point in the history
  • Loading branch information
stevenbal committed Oct 18, 2024
1 parent d580306 commit b57c85e
Showing 1 changed file with 33 additions and 0 deletions.
33 changes: 33 additions & 0 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -108,3 +108,36 @@ jobs:
name: docker-image
path: image.tar
retention-days: 1

image_scan:
runs-on: ubuntu-latest
name: Scan docker image
needs:
- docker-build

steps:
# So the scanner gets commit meta-information
- name: Checkout code
uses: actions/checkout@v4

- name: Download built image
uses: actions/download-artifact@v4
with:
name: docker-image

- name: Scan image with Trivy
uses: aquasecurity/trivy-action@master
with:
input: ${{ github.workspace }}/image.tar # from download-artifact
format: 'sarif'
output: 'trivy-results-docker.sarif'
ignore-unfixed: true
# env:
# # Uses the cache from trivy.yml workflow
# TRIVY_SKIP_DB_UPDATE: true
# TRIVY_SKIP_JAVA_DB_UPDATE: true

- name: Upload results to GH Security tab
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: 'trivy-results-docker.sarif'

0 comments on commit b57c85e

Please sign in to comment.