chaos/docker-salt-master
Archived
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
This repository has been archived on 2025-11-20. You can view files and clone it, but cannot push or open issues or pull requests.
Files
b05e93080a904ca74841fc23b3f74cc6a9490134
docker-salt-master/.github/workflows/security-analysis.yml
dependabot[bot] a6397bb3aa build(deps): Bump actions/cache from 2.1.6 to 2.1.7 
Bumps [actions/cache](https://github.com/actions/cache) from 2.1.6 to 2.1.7.
- [Release notes](https://github.com/actions/cache/releases)
- [Commits](https://github.com/actions/cache/compare/v2.1.6...v2.1.7)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-11-23 07:03:47 +00:00

71 lines
2.1 KiB
YAML
Raw Blame History

name: Security analysis
on:
push:
branches:
- main
pull_request:
schedule:
- cron: '0 0 * * 1'
jobs:
security-analysis:
name: Trivy scan
runs-on: ubuntu-latest
env:
CACHE_PATH: /tmp/.buildx-cache
steps:
- name: Checkout repository
if: github.event_name != 'schedule'
uses: actions/checkout@v2.4.0
- name: Set up QEMU
if: github.event_name != 'schedule'
uses: docker/setup-qemu-action@v1.2.0
- name: Set up Docker Buildx
if: github.event_name != 'schedule'
uses: docker/setup-buildx-action@v1.6.0
- name: Cache Docker layers
if: github.event_name != 'schedule'
uses: actions/cache@v2.1.7
with:
path: ${{ env.CACHE_PATH }}
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
- name: Build docker-salt-master image
if: github.event_name != 'schedule'
uses: docker/build-push-action@v2.7.0
with:
context: .
file: ./Dockerfile
cache-from: |
type=local,src=${{ env.CACHE_PATH }}
ghcr.io/cdalvaro/docker-salt-master:latest
cache-to: type=local,dest=${{ env.CACHE_PATH }}
load: true
tags: ghcr.io/cdalvaro/docker-salt-master:${{ github.sha }}
- name: Download and tag latest image
if: github.event_name == 'schedule'
run: |
docker pull ghcr.io/cdalvaro/docker-salt-master:latest
docker tag ghcr.io/cdalvaro/docker-salt-master:latest ghcr.io/cdalvaro/docker-salt-master:${{ github.sha }}
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: 'ghcr.io/cdalvaro/docker-salt-master:${{ github.sha }}'
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'trivy-results.sarif'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: 'trivy-results.sarif'
Reference in New Issue View Git Blame Copy Permalink