Skip to content

Image Scan

Image Scan #189

Workflow file for this run

name: Image Scan
on:
schedule:
- cron: "49 8 * * *"
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository_owner }}
jobs:
build:
name: Trivy image scan
runs-on: ubuntu-20.04
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Build run-detection Docker image
uses: docker/build-push-action@v6
with:
file: ./container/Dockerfile
tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/rundetection:${{ github.sha }}
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/rundetection:${{ github.sha }}
format: sarif
output: trivy-results.sarif
ignore-unfixed: true
exit-code: 1
- name: Print results
run: cat trivy-results.sarif
if: failure()
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3
if: failure()
with:
sarif_file: trivy-results.sarif