Add clair vulnerability scanner

Signed-off-by: Tommy <contact@tommytran.io>
2024-11-22 01:51:33 -05:00 · 2024-06-12 01:17:20 -07:00 · 2024-06-12 01:17:20 -07:00 · 0924408ecd
commit 0924408ecd
parent 1a9dd596ed
1 changed files with 24 additions and 3 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -67,8 +67,8 @@ jobs:
        env:
          TAGS: ${{ steps.meta.outputs.tags }}

-  scan:
-    name: Scan current image & report results
+  trivy:
+    name: Scan current image with Trivy
    needs: build
    permissions:
      security-events: write
@ -87,4 +87,25 @@ jobs:
      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v3
        with:
-          sarif_file: 'trivy-results.sarif'
+          sarif_file: 'trivy-results.sarif'
+          category: trivy
+
+  clair:
+    name: Scan current image with Clair
+    needs: build
+    permissions:
+      security-events: write
+    runs-on: "ubuntu-latest"
+    steps:
+      - name: Run Clair vulnerability scanner
+        uses: quay/clair-action@main
+        with:
+          image-ref: 'ghcr.io/tommytran732/matrix.to'
+          format: sarif
+          output: clair_results.sarif
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: 'clair_results.sarif'
+          category: clair