mirror of
https://github.com/kubereboot/kured.git
synced 2026-03-05 02:10:22 +00:00
feat: Add security scanning into CI
Without this patch, there is no way we can see, in the development process, if the image we are about to publish is insecure. This is a problem as we might be releasing new versions of kured with an outdated base image which contains vulnerabilities. This fixes it by creating a job which will show any eventual vulnerability.
14
.github/workflows/vulnerability-scan.yaml
vendored
Normal file
@@ -0,0 +1,14 @@
|
||||
# This should not be made a mandatory test
|
||||
# It is only used to make us aware of any potential security failure, that
|
||||
# should trigger a bump of the image in build/.
|
||||
name: "Image vulnerability scan"
|
||||
on: [push, pull_request]
|
||||
jobs:
|
||||
build-and-scan:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@master
|
||||
- run: make DH_ORG="${{ github.repository_owner }}" VERSION="${{ github.sha }}" image
|
||||
- uses: Azure/container-scan@v0
|
||||
with:
|
||||
image-name: docker.io/${{ github.repository_owner }}/kured:${{ github.sha }}
|
||||
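Review bot: the two `uses:` steps reference mutable refs (`actions/checkout@master` and `Azure/container-scan@v0`), so the code running in this security job can change without any commit to this repository; pin both to a release tag or, better, a full commit SHA. The trigger `on: [push, pull_request]` also means the image is scanned only when someone pushes, while the commit message is concerned with a base image that becomes outdated over time; adding a `schedule:` trigger would surface newly published vulnerabilities between code changes. Finally, `github.repository_owner` is used verbatim in `image-name`, and Docker repository names must be lowercase, so the build or scan step may fail on forks whose owner name contains capital letters.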