mirror of
https://github.com/stefanprodan/podinfo.git
synced 2026-04-20 17:56:41 +00:00
29 lines
665 B
YAML
29 lines
665 B
YAML
name: cve-scan
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- 'master'
|
|
|
|
jobs:
|
|
trivy:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v3
|
|
- name: Build image
|
|
id: build
|
|
run: |
|
|
IMAGE=test/podinfo:${GITHUB_SHA}
|
|
docker build -t ${IMAGE} .
|
|
echo "::set-output name=image::$IMAGE"
|
|
- name: Run Trivy vulnerability scanner
|
|
uses: aquasecurity/trivy-action@master
|
|
with:
|
|
image-ref: ${{ steps.build.outputs.image }}
|
|
format: table
|
|
exit-code: "1"
|
|
ignore-unfixed: true
|
|
vuln-type: os,library
|
|
severity: CRITICAL,HIGH
|