Docker-Flask-QR/.gitea/workflows/trivy_image_scan.yml at 20bda0cbd557c93dd3f2dabfd1ce43afac38a95b

tebarius/Docker-Flask-QR

Fork 0

Files

tebarius 20bda0cbd5

trivy-scan-image / trivy_image_scan (push) Successful in 40s

Details

Custom-Name for Job

2026-02-15 13:43:09 +01:00

69 lines

2.3 KiB

YAML

Raw Blame History

 name: trivy-scan-image
 run-name: Trivy - Scan Docker Image ${{ env.image_tag }}
 on:
   workflow_dispatch: # Manuelles Auslösen des Workflows
     inputs:
       image_tag:
         description: 'Tag für das zu scannende Docker-Image z.B. latest'
         required: true
         default: 'latest'
   schedule:
     - cron: '30 1 * * 5'
 env:
   image_name_gitea: flask-qr
   image_tag: ${{ github.event.inputs.image_tag || 'latest' }}
   registry_gitea: gitea.tebarius.duckdns.org
   user: tebarius
 jobs:
   trivy_image_scan:
     runs-on: ubuntu-latest
     container: aquasec/trivy:latest
     steps:
       - name: Scan linux/amd64-image
         run: |
           trivy image \
           --username ${{ env.user }} \
           --password ${{ secrets.DOCKER_PULL_TOKEN }} \
           --exit-code 1 \
           --scanners vuln,misconfig,secret \
           --severity HIGH,CRITICAL \
           --ignore-unfixed \
           --platform linux/amd64 \
           ${{ env.registry_gitea }}/${{ env.user }}/${{ env.image_name_gitea }}:${{ env.image_tag }}
       - name: Scan linux/386-image
         run: |
           trivy image \
           --username ${{ env.user }} \
           --password ${{ secrets.DOCKER_PULL_TOKEN }} \
           --exit-code 1 \
           --scanners vuln,misconfig,secret \
           --severity HIGH,CRITICAL \
           --ignore-unfixed \
           --platform linux/386 \
           ${{ env.registry_gitea }}/${{ env.user }}/${{ env.image_name_gitea }}:${{ env.image_tag }}
       - name: Scan linux/arm64-image
         run: |
           trivy image \
           --username ${{ env.user }} \
           --password ${{ secrets.DOCKER_PULL_TOKEN }} \
           --exit-code 1 \
           --scanners vuln,misconfig,secret \
           --severity HIGH,CRITICAL \
           --ignore-unfixed \
           --platform linux/arm64 \
           ${{ env.registry_gitea }}/${{ env.user }}/${{ env.image_name_gitea }}:${{ env.image_tag }}
       - name: Scan linux/arm/v7-image
         run: |
           trivy image \
           --username ${{ env.user }} \
           --password ${{ secrets.DOCKER_PULL_TOKEN }} \
           --exit-code 1 \
           --scanners vuln,misconfig,secret \
           --severity HIGH,CRITICAL \
           --ignore-unfixed \
           --platform linux/arm/v7 \
           ${{ env.registry_gitea }}/${{ env.user }}/${{ env.image_name_gitea }}:${{ env.image_tag }}

69 lines 2.3 KiB YAML Raw Blame History

69 lines

2.3 KiB

YAML

Raw Blame History