-
Notifications
You must be signed in to change notification settings - Fork 524
44 lines (40 loc) · 1.31 KB
/
trivy.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
---
name: trivy vulnerability scanner
# yamllint disable-line rule:truthy
on:
push:
branches:
- main
pull_request:
jobs:
build:
name: build
runs-on: ubuntu-latest
steps:
- name: checkout code
uses: actions/checkout@v3
- name: install go
uses: actions/[email protected]
with:
go-version: ^1.20
- name: build Ceph container images daemon-base and demo
run: |
make build BASEOS_REPO=centos BASEOS_REGISTRY=quay.io/centos BASEOS_TAG=stream8 FLAVORS="main,centos,8" IMAGES_TO_BUILD="daemon-base demo"
- name: run trivy vulnerability scanner against daemon-base
uses: aquasecurity/trivy-action@master
with:
image-ref: 'quay.io/ceph/daemon-base:HEAD-main-centos-stream8-x86_64'
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN'
- name: run trivy vulnerability scanner against demo
uses: aquasecurity/trivy-action@master
with:
image-ref: 'quay.io/ceph/demo:HEAD-main-centos-stream8-x86_64'
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN'