tebarius/Docker-404-games
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

imagescan_action

Browse Source
This commit is contained in:
Martin Kayser
2025-12-13 22:23:34 +01:00
parent e8b604914b
commit ac0ff6465e
1 changed files with 4 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
.gitea/workflows/trivy_scan_image.yml
View File

@@ -16,31 +16,10 @@ env:
jobs: jobs:
release-image: release-image:
runs-on: ubuntu-latest runs-on: ubuntu-latest
container: aquasec/trivy:latest
steps: steps:
- name: Scan image with trivy - name: Scan image with trivy
uses: aquasecurity/trivy-action@0.33.1
with:
image-ref: "${{ env.registry }}/${{ env.user }}/${{ env.image_name }}:${{ github.event.inputs.image_tag }}"
scan-type: image
hide-progress: false
ignore-unfixed: true
severity: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"
scanners: "vuln,misconfig,secrets"
output: trivy.txt
env:
TRIVY_USERNAME: "${{ env.user }}"
TRIVY_PASSWORD: "${{ secrets.DOCKER_PULL_TOKEN }}"
- name: Publish Trivy Output to Summary
run: | run: |
if [[ -s trivy.txt ]]; then trivy image --username ${{ env.user }} --password ${{ secrets.DOCKER_PULL_TOKEN }} --exit-code 1 \
{ --scanners vuln,misconfig,secret \
echo "### Security Output" ${{ env.registry }}/${{ env.user }}/${{ env.image_name }}:${{ github.event.inputs.image_tag }}
echo "<details><summary>Click to expand</summary>"
echo ""
echo '```terraform'
cat trivy.txt
echo '```'
echo "</details>"
} >> $GITHUB_STEP_SUMMARY
fi