Skip to content

different name to avoid match with into-wmo #22

different name to avoid match with into-wmo

different name to avoid match with into-wmo #22

Workflow file for this run

name: Run Trivy vulnerability scanner
on: [ push ]
jobs:
main:
runs-on: ubuntu-latest
strategy:
matrix:
image: ['wis2box-management', 'wis2box-mqtt-metrics-collector', 'wis2box-broker']
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Build docker image ${{ matrix.image }}
run: |
docker build -t ${{ matrix.image }}:test ${{ matrix.image }}
- name: Run Trivy vulnerability scanner on ${{ matrix.image }}
if: always()
uses: aquasecurity/trivy-action@0.20.0
env:
TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db:1
with:
image-ref: ${{ matrix.image }}:test
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'