Skip to content

Allow scope to be passed as array (#150) #210

Allow scope to be passed as array (#150)

Allow scope to be passed as array (#150) #210

Workflow file for this run

name: Docker Image Scan
on:
push:
branches:
- "master"
tags:
- "v*.*.*"
pull_request:
branches:
- "master"
jobs:
docker:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- uses: actions/setup-go@v4
name: Setup Golang
with:
go-version: "1.22"
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build images
shell: bash
run: |
make docker-build-notest
- name: Anchore Scanner
uses: anchore/scan-action@v3
id: grype-scan
with:
image: controller:latest
fail-build: true
severity-cutoff: high
debug: false
acs-report-enable: true
- name: Anchore upload scan SARIF report
if: always()
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: ${{ steps.grype-scan.outputs.sarif }}
- name: Trivy Scanner
uses: aquasecurity/trivy-action@master
if: ${{ always() }}
with:
image-ref: controller:latest
format: "table"
exit-code: "42"
ignore-unfixed: true
vuln-type: "os,library"
severity: "CRITICAL,HIGH"
- name: Dockle Linter
uses: erzz/[email protected]
if: ${{ always() }}
with:
image: controller:latest
exit-code: 42
failure-threshold: fatal