imagescan_action
This commit is contained in:
32
.gitea/workflows/trivy_scan_image.yml
Normal file
32
.gitea/workflows/trivy_scan_image.yml
Normal file
@@ -0,0 +1,32 @@
|
|||||||
|
name: release-tag
|
||||||
|
|
||||||
|
on:
|
||||||
|
workflow_dispatch: # Manuelles Auslösen des Workflows
|
||||||
|
inputs:
|
||||||
|
image_tag:
|
||||||
|
description: 'Tag für das zu scannende Docker-Image z.B. latest'
|
||||||
|
required: true
|
||||||
|
default: 'latest'
|
||||||
|
|
||||||
|
env:
|
||||||
|
image_name: 404_games
|
||||||
|
registry: gitea.tebarius.duckdns.org
|
||||||
|
user: tebarius
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
release-image:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: Scan image with trivy
|
||||||
|
uses: aquasecurity/trivy-action@0.33.1
|
||||||
|
with:
|
||||||
|
image-ref: "${{ env.registry }}/${{ env.user }}/${{ env.image_name }}:${{ github.event.inputs.image_tag }}"
|
||||||
|
scan-type: image
|
||||||
|
hide-progress: true
|
||||||
|
ignore-unfixed: true
|
||||||
|
severity: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"
|
||||||
|
scanners: "vuln,misconfig,secrets"
|
||||||
|
env:
|
||||||
|
TRIVY_USERNAME: "${{ env.user }}"
|
||||||
|
TRIVY_PASSWORD: "${{ secrets.DOCKER_PULL_TOKEN }}"
|
||||||
Reference in New Issue
Block a user