1 file changed +42 -0 lines changed
1+ name : Scan docker
2+ on : [pull_request]
3+
4+ env :
5+ # Use docker.io for Docker Hub if empty
6+ REGISTRY : docker.io
7+
8+ # github.repository as <account>/<repo>
9+ IMAGE_NAME : perconalab/version-service
10+
11+ jobs :
12+ build :
13+ name : Build
14+ runs-on : ubuntu-latest
15+ steps :
16+ - name : Checkout code
17+ uses : actions/checkout@v5
18+
19+ - name : Set up QEMU
20+ uses : docker/setup-qemu-action@v3
21+
22+ - name : Set up Docker Buildx
23+ uses : docker/setup-buildx-action@v3
24+
25+ - name : Build an image from Dockerfile (linux/amd64)
26+ run : |
27+ export IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}-amd64
28+ export DOCKER_PUSH=0
29+ export DOCKER_SQUASH=0
30+ export DOCKER_DEFAULT_PLATFORM='linux/amd64'
31+ make docker-build
32+
33+ - name : Run Trivy vulnerability scanner image (linux/amd64)
34+ uses : aquasecurity/trivy-action@0.33.1
35+ with :
36+ image-ref : ' ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}-amd64'
37+ format : ' table'
38+ exit-code : ' 1'
39+ ignore-unfixed : true
40+ vuln-type : ' os,library'
41+ severity : ' CRITICAL,HIGH'
42+ version : ' v0.67.2'
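Review bot: The workflow declares no `permissions:` key, so the job that runs `make docker-build` on pull-request code gets whatever GITHUB_TOKEN scope the repository default grants; a top-level `permissions:` with `contents: read` would hold it to least privilege. The four `uses:` lines reference mutable tags (`actions/checkout@v5`, `docker/setup-qemu-action@v3`, `docker/setup-buildx-action@v3`, `aquasecurity/trivy-action@0.33.1`); pinning each to a full commit SHA, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha> # 0.33.1`, keeps a moved tag from changing what runs in CI. With `ignore-unfixed: true`, CRITICAL/HIGH findings that have no fix available will not fail the check, so a comment above that key, such as `# unfixed findings are accepted here and tracked separately`, would record that this is deliberate.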