tebarius/Docker-Flask-QR
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

trivy_image_scan.yml for all 4 build-plattforms

Browse Source
This commit is contained in:
Martin Kayser
2026-02-15 12:42:36 +01:00
parent c6a5c83321
commit e2b2c5e89c
1 changed files with 36 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
.gitea/workflows/trivy_image_scan.yml
View File

@@ -22,19 +22,47 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
container: aquasec/trivy:latest container: aquasec/trivy:latest
steps: steps:
- name: Scan linux/amd64-image with trivy
- name: Pull image
run: |
echo "${{ secrets.DOCKER_PULL_TOKEN }}" | docker login ${{ env.registry_gitea }} -u ${{ env.user }} --password-stdin \
&& docker pull ${{ env.registry_gitea }}/${{ env.user }}/${{ env.image_name_gitea }}:${{ env.image_tag }}
- name: Scan image with trivy
run: | run: |
trivy image \ trivy image \
--username ${{ env.user }} \ --username ${{ env.user }} \
--password ${{ secrets.DOCKER_PULL_TOKEN }} \ --password ${{ secrets.DOCKER_PULL_TOKEN }} \
--exit-code 1 \ --exit-code 1 \
--scanners vuln,misconfig,secret \ --scanners vuln,misconfig,secret \
--severity MEDIUM,HIGH,CRITICAL \ --severity HIGH,CRITICAL \
--ignore-unfixed \ --ignore-unfixed \
--platform linux/amd64 \
${{ env.registry_gitea }}/${{ env.user }}/${{ env.image_name_gitea }}:${{ env.image_tag }}
- name: Scan linux/386-image with trivy
run: |
trivy image \
--username ${{ env.user }} \
--password ${{ secrets.DOCKER_PULL_TOKEN }} \
--exit-code 1 \
--scanners vuln,misconfig,secret \
--severity HIGH,CRITICAL \
--ignore-unfixed \
--platform linux/386 \
${{ env.registry_gitea }}/${{ env.user }}/${{ env.image_name_gitea }}:${{ env.image_tag }}
- name: Scan linux/arm64 with trivy
run: |
trivy image \
--username ${{ env.user }} \
--password ${{ secrets.DOCKER_PULL_TOKEN }} \
--exit-code 1 \
--scanners vuln,misconfig,secret \
--severity HIGH,CRITICAL \
--ignore-unfixed \
--platform linux/arm64 \
${{ env.registry_gitea }}/${{ env.user }}/${{ env.image_name_gitea }}:${{ env.image_tag }}
- name: Scan linux/arm/v7-image with trivy
run: |
trivy image \
--username ${{ env.user }} \
--password ${{ secrets.DOCKER_PULL_TOKEN }} \
--exit-code 1 \
--scanners vuln,misconfig,secret \
--severity HIGH,CRITICAL \
--ignore-unfixed \
--platform linux/arm/v7 \
${{ env.registry_gitea }}/${{ env.user }}/${{ env.image_name_gitea }}:${{ env.image_tag }} ${{ env.registry_gitea }}/${{ env.user }}/${{ env.image_name_gitea }}:${{ env.image_tag }}