Skip to content

Docker(deps): Bump distroless/base from 53745e9 to a9899cc #554

Docker(deps): Bump distroless/base from 53745e9 to a9899cc

Docker(deps): Bump distroless/base from 53745e9 to a9899cc #554

Workflow file for this run

name: Code Scanning
on:
push:
branches: ["main"]
pull_request:
# The branches below must be a subset of the branches above
branches: ["main"]
schedule:
# Runs at 13:16 UTC on Fri.
- cron: "16 13 * * 5"
permissions:
contents: read
jobs:
hadolint:
name: Hadolint
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
steps:
- name: Checkout code
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
- name: Run Hadolint
uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf
with:
dockerfile: ./Dockerfile
format: sarif
output-file: hadolint-results.sarif
no-fail: true
- name: Upload Hadolint scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276
with:
sarif_file: hadolint-results.sarif
wait-for-processing: true
trivy:
name: Trivy
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
steps:
- name: Checkout code
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
- name: Build an image from Dockerfile
run: |
docker build -t ${{ github.sha }} .
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@fd25fed6972e341ff0007ddb61f77e88103953c2
with:
image-ref: "${{ github.sha }}"
format: "template"
template: "@/contrib/sarif.tpl"
output: "trivy-results.sarif"
severity: "CRITICAL,HIGH"
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276
with:
sarif_file: "trivy-results.sarif"
wait-for-processing: true