Merge pull request #3 from monta-app/chore/add-support-for-backstage #11

	name: Docker Image Scanners
	on:
	push:
	branches:
	- 'master'
	tags:
	- 'v..*'
	pull_request:
	branches:
	- 'master'

	jobs:
	scanners:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	uses: actions/checkout@v2
	- name: Setup Env
	id: vars
	shell: bash
	run: \|
	echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
	echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
	- name: Set up QEMU
	uses: docker/setup-qemu-action@v1
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v1
	- name: Build images
	shell: bash
	run: \|
	touch kratos
	DOCKER_BUILDKIT=1 docker build -f .docker/Dockerfile-alpine --build-arg=COMMIT=${{ steps.vars.outputs.sha_short }} -t oryd/kratos:${{ steps.vars.outputs.sha_short }} .
	rm kratos
	- name: Anchore Scanner
	uses: anchore/scan-action@v3
	id: grype-scan
	with:
	image: oryd/kratos:${{ steps.vars.outputs.sha_short }}
	fail-build: true
	severity-cutoff: high
	debug: false
	acs-report-enable: true
	- name: Anchore upload scan SARIF report
	if: always()
	uses: github/codeql-action/upload-sarif@v1
	with:
	sarif_file: ${{ steps.grype-scan.outputs.sarif }}
	- name: Trivy Scanner
	uses: aquasecurity/trivy-action@master
	if: ${{ always() }}
	with:
	image-ref: oryd/kratos:${{ steps.vars.outputs.sha_short }}
	format: 'table'
	exit-code: '42'
	ignore-unfixed: true
	vuln-type: 'os,library'
	severity: 'CRITICAL,HIGH'
	- name: Dockle Linter
	uses: erzz/[email protected]
	if: ${{ always() }}
	with:
	image: oryd/kratos:${{ steps.vars.outputs.sha_short }}
	exit-code: 42
	failure-threshold: fatal

Provide feedback