Docker-Analyze #38
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Docker-Analyze | |
on: | |
schedule: | |
- cron: "0 0 * * *" # Daily at midnight UTC | |
workflow_dispatch: | |
inputs: | |
trigger-build: | |
description: 'Trigger a manual build and push' | |
default: 'true' | |
env: | |
DOCKER_IMAGE: donaldzou/wgdashboard | |
jobs: | |
docker_analyze: | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Log in to Docker Hub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKER_HUB_USERNAME }} | |
password: ${{ secrets.DOCKER_HUB_PASSWORD }} | |
- name: Install Docker Scout | |
run: | | |
echo "Installing Docker Scout..." | |
curl -fsSL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s -- | |
echo "Docker Scout installed successfully." | |
- name: Analyze Docker image with Docker Scout | |
id: analyze-image | |
run: | | |
echo "Analyzing Docker image with Docker Scout..." | |
docker scout cves ${{ env.DOCKER_IMAGE }}:latest > scout-results.txt | |
cat scout-results.txt | |
echo "Docker Scout analysis completed." | |
- name: Fail if critical CVEs are found | |
run: | | |
if grep -q "0C" scout-results.txt; then | |
echo "No critical vulnerabilities found! Continueing." | |
exit 0 | |
else | |
echo "At least one critical vulnerabilities found! Exiting." | |
exit 1 | |
fi |