From 4dd2c581ac45890c64f0406403370a3f3196364d Mon Sep 17 00:00:00 2001 From: Ben Busby Date: Tue, 25 Jan 2022 13:52:43 -0700 Subject: [PATCH] Add nightly container vuln scan Introduces a new 'scan' workflow for scanning the main branch container for vulnerabilities nightly. By default, this will fail for any 'medium' or higher vulnerability. Fixes #613 --- .github/workflows/scan.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 .github/workflows/scan.yml diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml new file mode 100644 index 0000000..8790e89 --- /dev/null +++ b/.github/workflows/scan.yml @@ -0,0 +1,19 @@ +name: scan + +on: + schedule: + - cron: '0 0 * * *' + +jobs: + scan: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: Build the container image + run: | + docker build --tag whoogle-search:test . + - name: Initiate grype scan + run: | + curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b . + chmod +x ./grype + ./grype whoogle-search:test --only-fixed