Skip to content

Container Scanning #1769

Container Scanning

Container Scanning #1769

name: 'Container Scanning'
on:
push:
schedule:
- cron: '0 0 * * *'
jobs:
build:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
name: Build
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v2
- name: Build an image from Dockerfile
run: |
docker build --target web -t ghcr.io/ukgovernmentbeis/regulated-professions-register:${{ github.sha }} .
- name: Run Trivy vulnerability scanner
uses: aquasecurity/[email protected]
with:
image-ref: ghcr.io/ukgovernmentbeis/regulated-professions-register:${{ github.sha }}
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'