Skip to content

Temporarily enable CVE scanning per push for testing. #13

Temporarily enable CVE scanning per push for testing.

Temporarily enable CVE scanning per push for testing. #13

Workflow file for this run

name: Scan
on:
schedule:
- cron: 0 0 * * *
push:
jobs:
fetch-os-specific-binaries:
strategy:
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
runs-on: ${{ matrix.os }}
steps:
- name: Install State Tool
uses: ActiveState/setup-state-tool@v1
- name: Copy State Tool binaries to workspace dir
shell: bash
run: |
exe=`which state`
dir=`dirname $exe`
cp -r $dir/* '${{ github.workspace }}'
- name: Upload binaries
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.os }}-binaries
path: .
scan:
needs: fetch-os-specific-binaries
runs-on: ubuntu-latest
steps:
- name: Download binaries
uses: actions/download-artifacts@v4
- name: Scan binaries
uses: aquasecurity/[email protected]
with:
scan-type: rootfs
scan-ref: '.'
ignore-unfixed: true
format: table
exit-code: 1