DHBW-WE/MeetUp
5
0
Fork 0
Code Issues 7 Pull requests 5 Projects 1 Releases 5 Packages 1 Wiki Activity Actions
MeetUp/.github/workflows/container-scan.yml
Renovate Bot 0e0c89fdd7
All checks were successful
container-scan / Container Scan (push) Successful in 3m59s
Details
docker-build / docker (push) Successful in 1m35s
Details
chore(deps): update ghcr.io/di0ik/forgejo_runner_container:main docker digest to c4667f2
2025-06-12 12:00:27 +00:00

37 lines
1.2 KiB
YAML
Raw Blame History

name: container-scan
on:
push:
branches:
- main
pull_request:
jobs:
container-scan:
name: Container Scan
runs-on: docker
container:
image: ghcr.io/di0ik/forgejo_runner_container:main@sha256:c4667f2702c32b91b4c92db2ff20739edd00409a44a691c0598cf4a09a47743a
steps:
- name: Checkout code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Build an image from Dockerfile
run: docker buildx build -t meetup_trivy .
- name: Install Trivy
run: |
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.61.0
- name: Run Trivy vulnerability scanner
run: |
trivy image --exit-code 1 --severity HIGH,CRITICAL,MEDIUM --ignore-unfixed --no-progress --format table meetup_trivy
trivy image --exit-code 1 --severity HIGH,CRITICAL,MEDIUM --ignore-unfixed --no-progress --format json meetup_trivy > trivy-report.json
- name: Upload Trivy report
uses: forgejo/upload-artifact@v4
with:
path: trivy-report.json
- name: Clean up Docker
run: |
docker buildx prune --filter=until=48h -f
docker image rm meetup_trivy
Reference in a new issue View git blame Copy permalink