Skip to content

add trivy scanner github action to report vulnarabiliites. #18

add trivy scanner github action to report vulnarabiliites.

add trivy scanner github action to report vulnarabiliites. #18

Workflow file for this run

---
name: trivy vulnerability scanner
# yamllint disable-line rule:truthy
on:
push:
branches:
- main
pull_request:
jobs:
build:
name: build
runs-on: ubuntu-latest
steps:
- name: checkout code
uses: actions/checkout@v3
- name: install go
uses: actions/[email protected]
with:
go-version: ^1.20
- name: build Ceph container images daemon-base and demo
run: |
make build BASEOS_REPO=centos BASEOS_REGISTRY=quay.io/centos BASEOS_TAG=stream8 FLAVORS="main,centos,8" IMAGES_TO_BUILD="daemon-base demo"
- name: run trivy vulnerability scanner against daemon-base
uses: aquasecurity/trivy-action@master
with:
image-ref: 'quay.io/ceph/daemon-base:HEAD-main-centos-stream8-x86_64'
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN'
- name: run trivy vulnerability scanner against demo
uses: aquasecurity/trivy-action@master
with:
image-ref: 'quay.io/ceph/demo:HEAD-main-centos-stream8-x86_64'
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN'