Skip to content
Trivy

Feat: refactor release script #285

Sign in to view logs

Feat: refactor release script

Feat: refactor release script #285

Workflow file for this run

.github/workflows/trivy.yml at a5f812f
name: Trivy
on:
pull_request:
branches:
- develop
jobs:
scan:
name: Vulnerability Scan
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4.1.4
- name: Build -opensource and cloud- Docker images
run: |
docker build -f docker/Dockerfile --build-arg WORKSPACE=cloud -t docker.io/gisaia/arlas-wui-cloud:${{ github.sha }} .
docker build -f docker/Dockerfile --build-arg WORKSPACE=opensource -t docker.io/gisaia/arlas-wui:${{ github.sha }} .
- name: Run Trivy vulnerability scanner on opensource image
uses: aquasecurity/trivy-action@master
env:
TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
with:
image-ref: "docker.io/gisaia/arlas-wui:${{ github.sha }}"
format: "table"
exit-code: "1"
ignore-unfixed: true
vuln-type: "os,library"
severity: "CRITICAL,HIGH"
trivyignores: .github/workflows/.trivyignore
- name: Run Trivy vulnerability scanner on cloud image
uses: aquasecurity/trivy-action@master
env:
TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
with:
image-ref: "docker.io/gisaia/arlas-wui-cloud:${{ github.sha }}"
format: "table"
exit-code: "1"
ignore-unfixed: true
vuln-type: "os,library"
severity: "CRITICAL,HIGH"
trivyignores: .github/workflows/.trivyignore