tebarius/Mysteryhelfer-web
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

image-scan for all build-platforms

Browse Source 
agt-get upgrade in Dockerfile
This commit is contained in:
Martin Kayser
2026-02-15 14:56:46 +01:00
parent 88f44174e5
commit 4e8ac6f21a
2 changed files with 14 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
.gitea/workflows/trivy_image_scan.yml
View File

@@ -22,11 +22,23 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
container: aquasec/trivy:latest container: aquasec/trivy:latest
steps: steps:
- name: Scan image with trivy - name: Scan linux/amd64-image
run: |
trivy image \
--exit-code 1 \
--scanners vuln,misconfig,secret \
--severity HIGH,CRITICAL \
--ignore-unfixed \
--platform linux/amd64 \
${{ env.registry_gitea }}/${{ env.user }}/${{ env.image_name }}:${{ env.image_tag }}
- name: Scan linux/arm64-image
run: | run: |
trivy image \ trivy image \
--exit-code 1 \ --exit-code 1 \
--scanners vuln,misconfig,secret \ --scanners vuln,misconfig,secret \
--severity MEDIUM,HIGH,CRITICAL \ --severity MEDIUM,HIGH,CRITICAL \
--ignore-unfixed \ --ignore-unfixed \
--platform linux/arm64 \
${{ env.registry_gitea }}/${{ env.user }}/${{ env.image_name }}:${{ env.image_tag }} ${{ env.registry_gitea }}/${{ env.user }}/${{ env.image_name }}:${{ env.image_tag }}
,

2
Dockerfile
View File

@@ -7,8 +7,8 @@ LABEL description="tebarius Mysteryhelfer web"
ENV PYTHONDONTWRITEBYTECODE=1 ENV PYTHONDONTWRITEBYTECODE=1
ENV PYTHONUNBUFFERED=1 ENV PYTHONUNBUFFERED=1
RUN apt-get update \ RUN apt-get update \
&& apt-get upgrade -y \
&& apt-get install -y --no-install-recommends curl \ && apt-get install -y --no-install-recommends curl \
&& apt-get clean \ && apt-get clean \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/*