Skip to content

Vulnerability Scan #359

Vulnerability Scan

Vulnerability Scan #359

Workflow file for this run

name: Vulnerability Scan
on:
workflow_dispatch:
push:
schedule:
- cron: '0 10 * * *' # Once per day at 10am UTC
jobs:
list-tests:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- id: list-tests-step
name: List Tests
run: echo "testnames=$( (cd .github/tests && find * -maxdepth 0 -type d) | jq --compact-output --slurp --raw-input 'split("\n")[:-1]')" >> $GITHUB_OUTPUT
outputs:
testnames: ${{steps.list-tests-step.outputs.testnames}}
run-scan:
needs: list-tests
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
test: ${{ fromJson(needs.list-tests.outputs.testnames) }}
services:
accelerator:
image: dev.registry.tanzu.vmware.com/app-accelerator/acc-engine:latest
credentials:
username: robot$${{secrets.TANZUNET_ROBOT}}
password: ${{secrets.TANZUNET_PASS}}
ports:
- 8888:8080
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Set up JDK 17
uses: actions/setup-java@v2
with:
java-version: '17'
distribution: 'adopt'
- name: Set up .NET 6
uses: actions/setup-dotnet@v3
with:
dotnet-version: '6.0.x'
- name: Wait for Engine Container
uses: ifaxity/wait-on-action@v1
with:
resource: http://localhost:8888/actuator
timeout: 10000
- name: Download Grype
uses: anchore/scan-action/download-grype@v3
with:
grype-version: v0.60.0
id: grype
- name: Generate ${{matrix.test}}
run: .github/tests/generate.sh ${{matrix.test}}
- name: Scan ${{matrix.test}}
run: .github/tests/scan.sh ${{matrix.test}} ${{steps.grype.outputs.cmd}}