Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add trivy fix #284

Merged
merged 3 commits into from
Oct 16, 2024
Merged

Add trivy fix #284

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
96215df
Add trivy fix
gillettmoj Oct 15, 2024
50220ee
Update action ver
gillettmoj Oct 15, 2024
38c9ba3
Add java db
gillettmoj Oct 15, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
38 changes: 21 additions & 17 deletions .github/workflows/sub-task-docker-build.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,14 +41,34 @@ jobs:
- name: Check out code
id: checkout_code
uses: actions/checkout@v4.2.1

- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@909c963c254b4e2e2f5aa6ef17217c4d7a7c4a31
with:
aws-access-key-id: ${{ secrets.aws_access_key_id_actions }}
aws-secret-access-key: ${{ secrets.aws_secret_access_key_actions }}
aws-region: eu-west-1
role-to-assume: arn:aws:iam::311462405659:role/integrations-ci
role-duration-seconds: 900
role-session-name: OPGLPACodesGithubAction

- name: Login to ECR
id: login_ecr
uses: aws-actions/amazon-ecr-login@46d808a88fadc001401c8b8275bd97e2a95a98ec
with:
registries: 311462405659

- name: Build Container
id: build_container
run: docker build --file ${{ matrix.path }}/Dockerfile-${{ matrix.dockerfile }} --tag ${{ matrix.name }}:latest ${{ matrix.path }}

- name: Trivy Image Vulnerability Scanner
id: trivy_scan
uses: aquasecurity/trivy-action@5681af892cd0f4997658e2bacc62bd0a894cf564
uses: aquasecurity/trivy-action@a20de5420d57c4102486cdd9578b45609c99d7eb
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TRIVY_DB_REPOSITORY: ${{ steps.login_ecr.outputs.registry }}/trivy-db-public-ecr/aquasecurity/trivy-db:2
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it's worth pulling through the java db too

TRIVY_JAVA_DB_REPOSITORY: ${{ steps.login_ecr.outputs.registry }}/trivy-db-public-ecr/aquasecurity/trivy-java-db:1

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you!

TRIVY_JAVA_DB_REPOSITORY: ${{ steps.login_ecr.outputs.registry }}/trivy-db-public-ecr/aquasecurity/trivy-java-db:1
with:
image-ref: ${{ matrix.name }}:latest
severity: 'HIGH,CRITICAL'
Expand All @@ -67,22 +87,6 @@ jobs:
- name: Install AWS Cli
uses: unfor19/install-aws-cli-action@27d6061dae5d39e89be4d2246824f15e111a7e06

- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@2cefa29f8797029f898b1baeff3e21a144128687
with:
aws-access-key-id: ${{ secrets.aws_access_key_id_actions }}
aws-secret-access-key: ${{ secrets.aws_secret_access_key_actions }}
aws-region: eu-west-1
role-to-assume: arn:aws:iam::311462405659:role/integrations-ci
role-duration-seconds: 900
role-session-name: OPGLPACodesGithubAction

- name: Login to ECR
id: login_ecr
uses: aws-actions/amazon-ecr-login@d5dd46d537c86e506335323688c342319bedcfe1
with:
registries: 311462405659

- name: Push to ECR
env:
ECR_REGISTRY: ${{ steps.login_ecr.outputs.registry }}
Expand Down
Loading