Skip to content

GA(deps): Bump actions/upload-artifact from 4.3.4 to 4.3.5 #578

GA(deps): Bump actions/upload-artifact from 4.3.4 to 4.3.5

GA(deps): Bump actions/upload-artifact from 4.3.4 to 4.3.5 #578

Workflow file for this run

name: Code Scanning
on:
push:
branches: ["main"]
pull_request:
# The branches below must be a subset of the branches above
branches: ["main"]
schedule:
# Runs at 13:16 UTC on Fri.
- cron: "16 13 * * 5"
permissions:
contents: read
jobs:
hadolint:
name: Hadolint
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
- name: Run Hadolint
uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf
with:
dockerfile: ./Dockerfile
format: sarif
output-file: hadolint-results.sarif
no-fail: true
- name: Upload Hadolint scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@2d790406f505036ef40ecba973cc774a50395aac
with:
sarif_file: hadolint-results.sarif
wait-for-processing: true
trivy:
name: Trivy
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
- name: Build an image from Dockerfile
run: |
docker build -t ${{ github.sha }} .
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8
with:
image-ref: "${{ github.sha }}"
format: "template"
template: "@/contrib/sarif.tpl"
output: "trivy-results.sarif"
severity: "CRITICAL,HIGH"
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@2d790406f505036ef40ecba973cc774a50395aac
with:
sarif_file: "trivy-results.sarif"
wait-for-processing: true