Skip to content

Commit

Permalink
trivy test
Browse files Browse the repository at this point in the history 
Signed-off-by: zhzhuang-zju <m17799853869@163.com>
  • Loading branch information
@zhzhuang-zju
zhzhuang-zju committed Oct 19, 2023
1 parent b7040ff commit c185577
Showing 1 changed file with 37 additions and 14 deletions.
51 changes: 37 additions & 14 deletions .github/workflows/trivy-test.yml
View file
Original file line number Diff line number Diff line change
@@ -1,24 +1,47 @@
name: Trivy Scan
name: image-scanning
on:
push:
push:
pull_request:
paths-ignore:
- '**/*.md'
- '**/*.txt'
jobs:
code-scanning:
name: code-scanning
# prevent job running from forked repository
# if: ${{ github.repository == 'XiShanYongYe-Chang/karmada' }}
use-trivy-to-scan-image:
name: image-scanning
if: ${{ github.repository == 'XiShanYongYe-Chang/karmada' }}
runs-on: ubuntu-22.04
strategy:
fail-fast: false
matrix:
target:
- karmada-controller-manager
- karmada-scheduler
- karmada-descheduler
- karmada-webhook
- karmada-agent
- karmada-scheduler-estimator
- karmada-interpreter-webhook-example
- karmada-aggregated-apiserver
- karmada-search
- karmada-operator
- karmada-metrics-adapter
steps:
- name: checkout code
uses: actions/checkout@v3
- name: Run Trivy vulnerability scanner in repo mode
uses: aquasecurity/trivy-action@master
uses: actions/checkout@v2
- name: Build an image from Dockerfile
run: |
export VERSION="latest"
export REGISTRY="docker.io/karmada"
make image-${{ matrix.target }}
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.12.0
with:
scan-type: 'fs'
image-ref: 'docker.io/karmada/${{ matrix.target }}:latest'
format: 'sarif'
output: 'trivy-results.sarif'
ignore-unfixed: true
severity: "HIGH"
exit-code: "1"
vuln-type: 'os,library'
output: 'trivy-results.sarif'
- name: Upload Trivy scan results to GitHub Security tab
run: cat trivy-results.sarif
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'trivy-results.sarif'

0 comments on commit c185577

Please sign in to comment.