diff --git a/.gitea/workflows/trivy_scan_image.yml b/.gitea/workflows/trivy_scan_image.yml
index e6c4089..f31c479 100644
--- a/.gitea/workflows/trivy_scan_image.yml
+++ b/.gitea/workflows/trivy_scan_image.yml
@@ -22,7 +22,7 @@ jobs:
 runs-on: ubuntu-latest
 container: aquasec/trivy:latest
 steps:
- - name: Scan image with trivy
+ - name: Scan linux/amd64-image
 run: |
 trivy image \
 --username ${{ env.user }} \
@@ -31,4 +31,38 @@ jobs:
 --scanners vuln,misconfig,secret \
 --severity HIGH,CRITICAL \
 --ignore-unfixed \
+ --platform linux/amd64 \
+ ${{ env.registry }}/${{ env.user }}/${{ env.image_name }}:${{ env.image_tag }}
+ - name: Scan linux/386-image
+ run: |
+ trivy image \
+ --username ${{ env.user }} \
+ --password ${{ secrets.DOCKER_PULL_TOKEN }} \
+ --exit-code 1 \
+ --scanners vuln,misconfig,secret \
+ --severity HIGH,CRITICAL \
+ --ignore-unfixed \
+ --platform linux/386 \
+ ${{ env.registry }}/${{ env.user }}/${{ env.image_name }}:${{ env.image_tag }}
+ - name: Scan linux/arm64-image
+ run: |
+ trivy image \
+ --username ${{ env.user }} \
+ --password ${{ secrets.DOCKER_PULL_TOKEN }} \
+ --exit-code 1 \
+ --scanners vuln,misconfig,secret \
+ --severity HIGH,CRITICAL \
+ --ignore-unfixed \
+ --platform linux/arm64 \
+ ${{ env.registry }}/${{ env.user }}/${{ env.image_name }}:${{ env.image_tag }}
+ - name: Scan linux/arm/v7-image
+ run: |
+ trivy image \
+ --username ${{ env.user }} \
+ --password ${{ secrets.DOCKER_PULL_TOKEN }} \
+ --exit-code 1 \
+ --scanners vuln,misconfig,secret \
+ --severity HIGH,CRITICAL \
+ --ignore-unfixed \
+ --platform linux/arm/v7 \
 ${{ env.registry }}/${{ env.user }}/${{ env.image_name }}:${{ env.image_tag }}
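Review bot: The three added steps each pass the registry token as `--password ${{ secrets.DOCKER_PULL_TOKEN }}`, so the secret is expanded into the script text and ends up in the trivy process arguments; the amd64 step presumably does the same on lines outside the hunk. Trivy also reads registry credentials from the environment, so a step-level `env:` with `TRIVY_USERNAME: ${{ env.user }}` and `TRIVY_PASSWORD: ${{ secrets.DOCKER_PULL_TOKEN }}` keeps the token off the command line and lets both flags be dropped. Separately, because every step uses `--exit-code 1`, a finding on linux/amd64 fails the job before the 386, arm64 and arm/v7 images are scanned, so their findings stay unreported until the first platform is clean. Adding `if: always()` to the later steps, or replacing the four copies with one step under a `strategy.matrix` over the platform (if the runner supports it), would report every architecture in a single run.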