From 61d6cb942582c27f3a441cf8eb841c20700e4b2e Mon Sep 17 00:00:00 2001
From: mitchell
Date: Tue, 27 Aug 2024 11:56:09 -0400
Subject: [PATCH] Added nightly CVE scanner for the release version.
---
.github/workflows/scan.yml | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
create mode 100644 .github/workflows/scan.yml
diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
new file mode 100644
index 0000000000..ea745664fe
--- /dev/null
+++ b/.github/workflows/scan.yml
@@ -0,0 +1,30 @@
+name: Scan
+
+on:
+ schedule:
+ - cron: 0 0 * * *
+
+jobs:
+ scan:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Install State Tool
+ uses: ActiveState/setup-state-tool@v1
+
+ - name: Get State Tool binaries path
+ id: get_bin_dir
+ shell: bash
+ run: |
+ exe=`which state`
+ dir=`dirname $exe`
+ echo "STATE_TOOL_BIN_DIR=$dir" >> "$GITHUB_OUTPUT"
+
+ - name: Scan binaries
+ uses: aquasecurity/trivy-action@0.20.0
+ with:
+ scan-type: rootfs
+ scan-ref: ${{ steps.get_bin_dir.outputs.STATE_TOOL_BIN_DIR }}
+ ignore-unfixed: true
+ format: table
+ exit-code: 1
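Review bot: Both third-party actions in the `steps` list are referenced by mutable tags (`ActiveState/setup-state-tool@v1`, `aquasecurity/trivy-action@0.20.0`), so whoever can move those tags controls what runs in this scheduled job; pin each to a full commit SHA and keep the version as a trailing comment, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha>  # 0.20.0`. The workflow also declares no `permissions:` key, so the job runs with the repository's default `GITHUB_TOKEN` scope; no step visible here checks out or writes to the repository, so a top-level `permissions: {}` looks sufficient, though that should be confirmed against what `setup-state-tool` needs. A comment above `ignore-unfixed: true` stating that vulnerabilities without an available fix are deliberately excluded would help whoever triages a green nightly run.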