tebarius/Docker-Flask-QR
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c6a5c83321469f3738d458783665dace25c00505
Docker-Flask-QR/.gitea/workflows/trivy_image_scan.yml

41 lines
1.2 KiB
YAML
Raw Blame History

name: trivy-scan-image
run-name: Trivy - Scan Docker Image
on:
workflow_dispatch: # Manuelles Auslösen des Workflows
inputs:
image_tag:
description: 'Tag für das zu scannende Docker-Image z.B. latest'
required: true
default: 'latest'
schedule:
- cron: '30 1 * * 5'
env:
image_name_gitea: flask-qr
image_tag: ${{ github.event.inputs.image_tag || 'latest' }}
registry_gitea: gitea.tebarius.duckdns.org
user: tebarius
jobs:
trivy_image_scan:
runs-on: ubuntu-latest
container: aquasec/trivy:latest
steps:
- name: Pull image
run: |
echo "${{ secrets.DOCKER_PULL_TOKEN }}" | docker login ${{ env.registry_gitea }} -u ${{ env.user }} --password-stdin \
&& docker pull ${{ env.registry_gitea }}/${{ env.user }}/${{ env.image_name_gitea }}:${{ env.image_tag }}
- name: Scan image with trivy
run: |
trivy image \
--username ${{ env.user }} \
--password ${{ secrets.DOCKER_PULL_TOKEN }} \
--exit-code 1 \
--scanners vuln,misconfig,secret \
--severity MEDIUM,HIGH,CRITICAL \
--ignore-unfixed \
${{ env.registry_gitea }}/${{ env.user }}/${{ env.image_name_gitea }}:${{ env.image_tag }}
Reference in New Issue View Git Blame Copy Permalink