github/paralus
1
0
Fork 0
mirror of https://github.com/paralus/paralus.git synced 2026-05-06 16:36:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
072037acb00ab2a46b4f88840c996a35fc2e7d37
paralus/.github/workflows/security.yml
dependabot[bot] d128f6edc6 chore(deps): Bump aquasecurity/trivy-action from 0.23.0 to 0.24.0 (#338) 
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.23.0 to 0.24.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.23.0...0.24.0)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-31 10:50:27 +05:30

85 lines
2.4 KiB
YAML
Raw Blame History

name: Scan container images
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
schedule:
- cron: '0 4 * * 1' # Every Monday at 9:30 IST
jobs:
build-scan-paralus:
strategy:
matrix:
os: [ubuntu-latest]
runs-on: ${{ matrix.os }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Build an image from Dockerfile
run: |
docker build -f "Dockerfile" -t paralus:${{ github.sha }} .
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.24.0
with:
image-ref: paralus:${{ github.sha }}
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
build-scan-paralus-init:
strategy:
matrix:
os: [ubuntu-latest]
runs-on: ${{ matrix.os }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Build an image from Dockerfile (paralus-init)
run: |
docker build -f "Dockerfile.initialize" -t paralus-init:${{ github.sha }} .
# skipping below binaries as they have vulnerabilities reported
# golang-migrate tracking issue - https://github.com/golang-migrate/migrate/issues/926
# kratos tracking - https://ory-community.slack.com/archives/C012RJ2MQ1H/p1684750686065509
- name: Run Trivy vulnerability scanner (paralus-init)
uses: aquasecurity/trivy-action@0.24.0
with:
image-ref: paralus-init:${{ github.sha }}
format: 'table'
exit-code: '1'
ignore-unfixed: true
skip-files: '/usr/bin/kratos,/usr/bin/migrate'
severity: 'CRITICAL,HIGH'
build-scan-kratos-sync:
strategy:
matrix:
os: [ubuntu-latest]
runs-on: ${{ matrix.os }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Build an image from Dockerfile (kratos-sync)
run: |
docker build -f "Dockerfile.synchronizer" -t kratos-synchronizer:${{ github.sha }} .
- name: Run Trivy vulnerability scanner (kratos-sync)
uses: aquasecurity/trivy-action@0.24.0
with:
image-ref: kratos-synchronizer:${{ github.sha }}
format: 'table'
exit-code: '1'
ignore-unfixed: true
severity: 'CRITICAL,HIGH'
Reference in New Issue View Git Blame Copy Permalink