Scan docker images with Trivy #633

Workflow file for this run

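# CI workflow: builds and tests the .NET solution on three operating systems,
# then builds the container image and scans it with Trivy, publishing the
# findings as SARIF to GitHub code scanning.
name: MSBuild
on:
  push:
    branches:
      - main
  pull_request:

# Least privilege: every job starts with a read-only token. Jobs that need
# more declare it themselves (see the docker job).
permissions:
  contents: read

# NOTE(review): actions are referenced by mutable tags (@v4, @v3, @v6).
# Pinning third-party actions to a full commit SHA prevents a moved tag from
# changing what runs in this pipeline.
jobs:
  build:
    strategy:
      matrix:
        configuration: [Debug]
        os: [windows-latest, ubuntu-latest, macos-latest]
    runs-on: ${{ matrix.os }}
    steps:
      - uses: actions/checkout@v4
      - name: Setup .NET
        uses: actions/setup-dotnet@v4
        with:
          global-json-file: "./global.json"
      - name: Restore dependencies
        run: dotnet restore
      # --verify-no-changes fails the job when formatting would change files.
      - name: Format code
        run: dotnet format --severity error --no-restore --verify-no-changes --verbosity normal
      - name: Build the application
        run: dotnet build --verbosity normal --no-restore --configuration ${{ matrix.configuration }}
      - name: Execute unit tests
        run: dotnet test --verbosity normal

  docker:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      # Required by github/codeql-action/upload-sarif to publish results.
      # Private repositories additionally need `actions: read`.
      security-events: write
    env:
      IMAGE_NAME: pxtools/pxwebapi:${{ github.sha }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      # Multi-platform build check only: with push: false and no load/output
      # the result stays in the Buildx build cache and is not available to
      # later steps as a local image.
      - name: Build and push
        uses: docker/build-push-action@v6
        with:
          context: .
          platforms: linux/amd64,linux/arm64
          push: false
          tags: ${{ env.IMAGE_NAME }}
      # Load a single-platform build into the runner's Docker daemon so the
      # scanner inspects the image built from this commit rather than looking
      # for the tag elsewhere. Only the linux/amd64 variant is scanned.
      - name: Load image for scanning
        uses: docker/build-push-action@v6
        with:
          context: .
          platforms: linux/amd64
          load: true
          push: false
          tags: ${{ env.IMAGE_NAME }}
      # NOTE(review): the action reference was obscured on the source page
      # ("aquasecurity/[email protected]"); restore the version from the
      # repository. The scan is report-only: no severity filter or failing
      # exit code is configured, so findings do not block the job.
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@<VERSION_OBSCURED_ON_PAGE>
        with:
          scan-type: image
          image-ref: ${{ env.IMAGE_NAME }}
          format: sarif
          output: trivy-results.sarif
      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: trivy-results.sarif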