feat: scan for vuln #11

Workflow file for this run

	name: Scan for vulnerabilities

	on:
	pull_request:
	branches: [main]
	types: [milestoned, opened, synchronize]
	schedule:
	- cron: '0 1 * * *'
	workflow_dispatch: {}

	jobs:
	# cannot scan registry1 and upstream at the same time because the sarif upload have a file limit of 20 files
	scan-upstream:
	runs-on: ubuntu-latest
	name: Scan for vulnerabilities - Upstream
	permissions:
	contents: read
	pull-requests: read

	steps:
	- name: Checkout
	uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
	with:
	fetch-depth: 0

	- name: Environment setup
	uses: defenseunicorns/uds-common/.github/actions/setup@264ec430c4079129870820e70c4439f3f3d57cbc # v0.3.9
	with:
	username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
	password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}


	- name: Scan the repository for vulnerabilities - Upstream
	run: \|
	uds run grype:install
	uds run scan:upstream

	- name: Upload SARIF files - Upstream
	uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2
	with:
	sarif_file: ./sarif

	scan-registry1:
	runs-on: ubuntu-latest
	name: Scan for vulnerabilities - Registry1
	permissions:
	contents: read
	pull-requests: read

	steps:
	- name: Checkout
	uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
	with:
	fetch-depth: 0

	- name: Environment setup
	uses: defenseunicorns/uds-common/.github/actions/setup@264ec430c4079129870820e70c4439f3f3d57cbc # v0.3.9
	with:
	username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
	password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}

	- name: Scan the repository for vulnerabilities - Registry1
	run: \|
	uds run grype:install
	uds run scan:registry1

	- name: Check for SARIF files - Registry1
	id: check_sarif
	run: \|
	if compgen -G "./sarif/*.sarif" > /dev/null; then
	echo "::set-output name=exists::true"
	else
	echo "::set-output name=exists::false"
	fi

	- name: Upload SARIF files - Registry1
	if: steps.check_sarif.outputs.exists == 'true'
	uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2
	with:
	sarif_file: ./sarif/*.sarif

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: scan for vuln #11

Workflow file

feat: scan for vuln #11

Jobs

Run details

Workflow file for this run