Add nightly container vuln scan
Introduces a new 'scan' workflow for scanning the main branch container for vulnerabilities nightly. By default, this will fail for any 'medium' or higher vulnerability. Fixes #613main
parent
9cbd7bd9d3
commit
4dd2c581ac
|
@ -0,0 +1,19 @@
|
|||
name: scan
|
||||
|
||||
on:
|
||||
schedule:
|
||||
- cron: '0 0 * * *'
|
||||
|
||||
jobs:
|
||||
scan:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Build the container image
|
||||
run: |
|
||||
docker build --tag whoogle-search:test .
|
||||
- name: Initiate grype scan
|
||||
run: |
|
||||
curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b .
|
||||
chmod +x ./grype
|
||||
./grype whoogle-search:test --only-fixed
|
Loading…
Reference in New Issue