mirror of
https://github.com/tommytran732/Matrix.to-Docker
synced 2024-12-23 07:51:32 -05:00
Add clair vulnerability scanner
Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
parent
1a9dd596ed
commit
0924408ecd
27
.github/workflows/build.yml
vendored
27
.github/workflows/build.yml
vendored
@ -67,8 +67,8 @@ jobs:
|
||||
env:
|
||||
TAGS: ${{ steps.meta.outputs.tags }}
|
||||
|
||||
scan:
|
||||
name: Scan current image & report results
|
||||
trivy:
|
||||
name: Scan current image with Trivy
|
||||
needs: build
|
||||
permissions:
|
||||
security-events: write
|
||||
@ -87,4 +87,25 @@ jobs:
|
||||
- name: Upload Trivy scan results to GitHub Security tab
|
||||
uses: github/codeql-action/upload-sarif@v3
|
||||
with:
|
||||
sarif_file: 'trivy-results.sarif'
|
||||
sarif_file: 'trivy-results.sarif'
|
||||
category: trivy
|
||||
|
||||
clair:
|
||||
name: Scan current image with Clair
|
||||
needs: build
|
||||
permissions:
|
||||
security-events: write
|
||||
runs-on: "ubuntu-latest"
|
||||
steps:
|
||||
- name: Run Clair vulnerability scanner
|
||||
uses: quay/clair-action@main
|
||||
with:
|
||||
image-ref: 'ghcr.io/tommytran732/matrix.to'
|
||||
format: sarif
|
||||
output: clair_results.sarif
|
||||
|
||||
- name: Upload Trivy scan results to GitHub Security tab
|
||||
uses: github/codeql-action/upload-sarif@v3
|
||||
with:
|
||||
sarif_file: 'clair_results.sarif'
|
||||
category: clair
|
Loading…
Reference in New Issue
Block a user