
chore: update repository templates to https://github.com/ory/meta/com… #109


Workflow file for this run

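# Builds the controller image and scans it with three tools (Anchore/Grype,
# Trivy, Dockle). Runs on pushes to master, on v*.*.* tags, and on pull
# requests that target master.
name: Docker Image Scan
on:
  push:
    branches:
      - "master"
    tags:
      - "v*.*.*"
  pull_request:
    branches:
      - "master"

# Least privilege for GITHUB_TOKEN: the job only reads the repository and
# uploads a SARIF report. Without this block the token gets the repository's
# default scopes, which may include write access that no step here needs.
# NOTE(review): upload-sarif also needs `actions: read` on private
# repositories - confirm the repository's visibility.
permissions:
  contents: read
  security-events: write

jobs:
  docker:
    runs-on: ubuntu-latest
    # NOTE(review): every action below is referenced by a mutable tag, and the
    # Trivy action by the `master` branch. Pinning each `uses:` to a full
    # commit SHA keeps a moved tag or a changed upstream branch from altering
    # what runs in this job.
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - uses: actions/setup-go@v2
        name: Setup Golang
        with:
          go-version: "^1.16"
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v1
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
      - name: Fetch kube-builder
        shell: bash
        run: |
          os=$(go env GOOS)
          arch=$(go env GOARCH)
          # -f: fail on an HTTP error instead of piping an error page into tar.
          # NOTE(review): the archive is extracted and installed with sudo
          # without an integrity check; verify it against a pinned SHA-256
          # digest of the release asset before unpacking.
          curl -fsSL https://github.com/kubernetes-sigs/kubebuilder/releases/download/v2.3.2/kubebuilder_2.3.2_${os}_${arch}.tar.gz | tar -xz -C /tmp/
          sudo mv /tmp/kubebuilder_2.3.2_${os}_${arch} /usr/local/kubebuilder
          # This export is visible only inside this step; later steps do not
          # inherit it.
          export PATH=$PATH:/usr/local/kubebuilder/bin
          kubebuilder version
      - name: Build images
        shell: bash
        run: |
          make docker-build-notest
      # The three scanners below all target `controller:latest`; presumably
      # that is the tag produced by the make target above - confirm against
      # the Makefile.
      - name: Anchore Scanner
        uses: anchore/scan-action@v3
        id: grype-scan
        with:
          image: controller:latest
          # Fail the job on findings at or above the `high` cutoff.
          fail-build: true
          severity-cutoff: high
          debug: false
          acs-report-enable: true
      # always(): publish the report even when the scan step failed the build,
      # so the findings that caused the failure are visible.
      - name: Anchore upload scan SARIF report
        if: always()
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: ${{ steps.grype-scan.outputs.sarif }}
      - name: Trivy Scanner
        uses: aquasecurity/trivy-action@master
        if: ${{ always() }}
        with:
          image-ref: controller:latest
          format: "table"
          # Non-zero exit code so CRITICAL/HIGH findings fail the step.
          exit-code: "42"
          # Vulnerabilities with no released fix are left out of the result,
          # so a passing run does not mean the image has none.
          ignore-unfixed: true
          vuln-type: "os,library"
          severity: "CRITICAL,HIGH"
      - name: Dockle Linter
        uses: erzz/dockle-action@v1.3.1
        if: ${{ always() }}
        with:
          image: controller:latest
          exit-code: "42"
          failure-threshold: fatal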