1
0
mirror of https://github.com/tommytran732/Matrix.to-Docker synced 2024-12-23 07:51:32 -05:00

Add clair vulnerability scanner

Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
Tommy 2024-06-12 01:17:20 -07:00
parent 1a9dd596ed
commit 0924408ecd
Signed by: Tomster
GPG Key ID: 555C902A34EC968F

View File

@ -67,8 +67,8 @@ jobs:
env:
TAGS: ${{ steps.meta.outputs.tags }}
scan:
name: Scan current image & report results
trivy:
name: Scan current image with Trivy
needs: build
permissions:
security-events: write
@ -87,4 +87,25 @@ jobs:
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: 'trivy-results.sarif'
sarif_file: 'trivy-results.sarif'
category: trivy
clair:
name: Scan current image with Clair
needs: build
permissions:
security-events: write
runs-on: "ubuntu-latest"
steps:
- name: Run Clair vulnerability scanner
uses: quay/clair-action@main
with:
image-ref: 'ghcr.io/tommytran732/matrix.to'
format: sarif
output: clair_results.sarif
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: 'clair_results.sarif'
category: clair