diff --git a/.gitea/workflows/trivy_image_scan.yml b/.gitea/workflows/trivy_image_scan.yml
index ac553c0..6c44c9c 100644
--- a/.gitea/workflows/trivy_image_scan.yml
+++ b/.gitea/workflows/trivy_image_scan.yml
@@ -22,7 +22,7 @@ jobs:
 runs-on: ubuntu-latest
 container: aquasec/trivy:latest
 steps:
- - name: Scan image with trivy
+ - name: Scan linux/amd64-image
 run: |
 trivy image \
 --username ${{ env.user }} \
@@ -31,4 +31,38 @@ jobs:
 --scanners vuln,misconfig,secret \
 --severity HIGH,CRITICAL \
 --ignore-unfixed \
+ --platform linux/amd64 \
+ ${{ env.registry_gitea }}/${{ env.user }}/${{ env.image_name }}:${{ env.image_tag }}
+ - name: Scan linux/386-image
+ run: |
+ trivy image \
+ --username ${{ env.user }} \
+ --password ${{ secrets.DOCKER_PULL_TOKEN }} \
+ --exit-code 1 \
+ --scanners vuln,misconfig,secret \
+ --severity HIGH,CRITICAL \
+ --ignore-unfixed \
+ --platform linux/386 \
+ ${{ env.registry_gitea }}/${{ env.user }}/${{ env.image_name }}:${{ env.image_tag }}
+ - name: Scan linux/arm64-image
+ run: |
+ trivy image \
+ --username ${{ env.user }} \
+ --password ${{ secrets.DOCKER_PULL_TOKEN }} \
+ --exit-code 1 \
+ --scanners vuln,misconfig,secret \
+ --severity HIGH,CRITICAL \
+ --ignore-unfixed \
+ --platform linux/arm64 \
+ ${{ env.registry_gitea }}/${{ env.user }}/${{ env.image_name }}:${{ env.image_tag }}
+ - name: Scan linux/arm/v7-image
+ run: |
+ trivy image \
+ --username ${{ env.user }} \
+ --password ${{ secrets.DOCKER_PULL_TOKEN }} \
+ --exit-code 1 \
+ --scanners vuln,misconfig,secret \
+ --severity HIGH,CRITICAL \
+ --ignore-unfixed \
+ --platform linux/arm/v7 \
 ${{ env.registry_gitea }}/${{ env.user }}/${{ env.image_name }}:${{ env.image_tag }}
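Review bot: The three added steps in the second hunk (`Scan linux/386-image`, `Scan linux/arm64-image`, `Scan linux/arm/v7-image`) repeat the amd64 invocation verbatim except for `--platform`, and because every step uses `--exit-code 1`, the first platform with a HIGH/CRITICAL finding fails the job and the later steps are skipped, so findings on the remaining architectures are never reported in that run. A `strategy.matrix` over the platform list with `fail-fast: false` keeps a single copy of the command, scans every architecture independently, and surfaces each result on its own. While restructuring, the new steps also pass `--password ${{ secrets.DOCKER_PULL_TOKEN }}` on the command line, where it is visible in the container's process list; trivy reads `TRIVY_USERNAME`/`TRIVY_PASSWORD` from the environment, so a step-level `env:` keeps the token out of argv. The `jobs:` entry and the job key that own these steps start above the hunk, and I have assumed the runner honours `strategy.matrix` as GitHub Actions does; confirm against the Gitea version in use.

```yaml
    strategy:
      fail-fast: false
      matrix:
        platform: [linux/amd64, linux/386, linux/arm64, linux/arm/v7]
    runs-on: ubuntu-latest
    container: aquasec/trivy:latest
    steps:
      - name: Scan ${{ matrix.platform }}-image
        env:
          TRIVY_USERNAME: ${{ env.user }}
          TRIVY_PASSWORD: ${{ secrets.DOCKER_PULL_TOKEN }}
        run: |
          trivy image \
            --exit-code 1 \
            --scanners vuln,misconfig,secret \
            --severity HIGH,CRITICAL \
            --ignore-unfixed \
            --platform ${{ matrix.platform }} \
            ${{ env.registry_gitea }}/${{ env.user }}/${{ env.image_name }}:${{ env.image_tag }}
```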