ci(actions): Integrate trivy scanner
parent
cb8be18f11
commit
b040172fe2
1 changed files with 3 additions and 0 deletions
3
.github/workflows/workers.yaml
vendored
3
.github/workflows/workers.yaml
vendored
|
|
@ -89,6 +89,9 @@ jobs:
|
|||
for image in $(cat /tmp/images_to_build.txt);
|
||||
do
|
||||
echo "Bulding $image"
|
||||
PUSH_IMAGE=0 bash -x ./build.sh skip $image
|
||||
curl -L https://github.com/aquasecurity/trivy/releases/download/v0.34.0/trivy_0.34.0_Linux-64bit.tar.gz | tar -xzf - -C ./
|
||||
./trivy image --exit-code 1 --vuln-type os,library --severity "HIGH,CRITICAL" --ignore-unfixed $DOCKER_REPO/$image:$IMAGE_TAG
|
||||
PUSH_IMAGE=1 bash -x ./build.sh skip $image
|
||||
echo "::set-output name=image::$DOCKER_REPO/$image:$IMAGE_TAG"
|
||||
done
|
||||
|
|
|
|||
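Review bot: The Trivy tarball on the `curl -L … | tar -xzf - -C ./` line is fetched and unpacked with no integrity check, and the resulting `./trivy` binary then runs inside the build job, so a tampered or truncated download would go unnoticed; the version is pinned but the bytes are not. The download also sits inside the `for` loop, so it repeats for every image, and it unpacks the whole archive into the working directory that `build.sh` presumably builds from. I would fetch it once before the loop into a temporary directory, use `curl -f` so an HTTP error fails the step, verify the file against a SHA-256 pinned in the workflow, and extract only the `trivy` binary. Separately, the scan runs after the `PUSH_IMAGE=0` build but `build.sh` runs again with `PUSH_IMAGE=1`, so unless the second run reuses the already-built layers the pushed image may not be exactly the one scanned; `build.sh` is not visible here, so this needs confirming. The `run` step that contains this loop starts above the hunk.

```yaml
# once, before the loop
TRIVY_VERSION=0.34.0
TRIVY_SHA256="<PLACEHOLDER: sha256 of the tarball, taken from the release's published checksums>"
trivy_dir="$(mktemp -d)"
curl -fsSL -o "$trivy_dir/trivy.tar.gz" \
  "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz"
echo "${TRIVY_SHA256}  $trivy_dir/trivy.tar.gz" | sha256sum -c -
tar -xzf "$trivy_dir/trivy.tar.gz" -C "$trivy_dir" trivy
for image in $(cat /tmp/images_to_build.txt);
# … unchanged: do, echo, PUSH_IMAGE=0 build …
"$trivy_dir/trivy" image --exit-code 1 --vuln-type os,library --severity "HIGH,CRITICAL" --ignore-unfixed "$DOCKER_REPO/$image:$IMAGE_TAG"
# … unchanged: PUSH_IMAGE=1 build, set-output, done …
```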