jan/openreplay
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

ci(actions): Integrate trivy scanner

Browse source
This commit is contained in:
rjshrjndrn 2022-11-14 12:01:40 +01:00
parent cb8be18f11
commit b040172fe2
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
.github/workflows/workers.yaml vendored
View file

@ -89,6 +89,9 @@ jobs:
for image in $(cat /tmp/images_to_build.txt); for image in $(cat /tmp/images_to_build.txt);
do do
echo "Bulding $image" echo "Bulding $image"
PUSH_IMAGE=0 bash -x ./build.sh skip $image
curl -L https://github.com/aquasecurity/trivy/releases/download/v0.34.0/trivy_0.34.0_Linux-64bit.tar.gz | tar -xzf - -C ./
./trivy image --exit-code 1 --vuln-type os,library --severity "HIGH,CRITICAL" --ignore-unfixed $DOCKER_REPO/$image:$IMAGE_TAG
PUSH_IMAGE=1 bash -x ./build.sh skip $image PUSH_IMAGE=1 bash -x ./build.sh skip $image
echo "::set-output name=image::$DOCKER_REPO/$image:$IMAGE_TAG" echo "::set-output name=image::$DOCKER_REPO/$image:$IMAGE_TAG"
done done