Skip to content

Commit

Permalink
rename, matrix scan, only scan images built in this repo
Browse files Browse the repository at this point in the history
  • Loading branch information
maaikelimper committed Nov 3, 2024
1 parent 9e5bbe5 commit b7d710d
Showing 1 changed file with 30 additions and 0 deletions.
30 changes: 30 additions & 0 deletions .github/workflows/trivy.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
name: Run Trivy vulnerability scanner


on: [ push ]

matrix:


jobs:
main:
runs-on: ubuntu-latest
strategy:
matrix:
image: ['wis2box-management', 'wis2box-mqtt-metrics-collector', 'wis2box-broker']
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Build docker image ${{ matrix.image }}
run: |
docker build -t ${{ matrix.image }}:test ${{ matrix.image }}
- name: Run Trivy vulnerability scanner on ${{ matrix.image }}
if: always()
uses: aquasecurity/trivy-action@0.20.0
with:
image-ref: ${{ matrix.image }}:test
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'

0 comments on commit b7d710d

Please sign in to comment.