mirror of
https://github.com/stefanprodan/podinfo.git
synced 2026-05-06 01:27:05 +00:00
32 lines
696 B
YAML
32 lines
696 B
YAML
name: cve-scan
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- "master"
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
trivy:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v3
|
|
- name: Build image
|
|
id: build
|
|
run: |
|
|
IMAGE=test/podinfo:${GITHUB_SHA}
|
|
docker build -t ${IMAGE} .
|
|
echo "image=$IMAGE" >> $GITHUB_OUTPUT
|
|
- name: Run Trivy vulnerability scanner
|
|
uses: aquasecurity/trivy-action@v0.30.0
|
|
with:
|
|
image-ref: ${{ steps.build.outputs.image }}
|
|
format: table
|
|
exit-code: "1"
|
|
ignore-unfixed: true
|
|
vuln-type: os,library
|
|
severity: CRITICAL,HIGH
|