trivy instead of anchore.

Simon Ungar Felding 2025-04-24 22:30:07 +02:00
parent bd60054066
commit 38af88a0e3


@ -61,18 +61,20 @@ jobs:
tags: "${{ env.DOCKER_REPO_DEV }}:${{ github.ref_name }}" tags: "${{ env.DOCKER_REPO_DEV }}:${{ github.ref_name }}"
build-args: | build-args: |
version=${{ env.version }} version=${{ env.version }}
- name: Scan image
id: scan - name: Run Trivy vulnerability scan
uses: anchore/scan-action@v6 uses: aquasecurity/trivy-action@0.30.0
with: with:
image: "${{ env.DOCKER_REPO_DEV }}:${{ github.ref_name }}" image-ref: "${{ env.DOCKER_REPO_DEV }}:${{ github.ref_name }}"
fail-build: false format: 'sarif'
severity-cutoff: critical exit-code: 0
output-format: sarif severity: 'CRITICAL,HIGH'
- name: Upload Anchore scan SARIF report output: 'trivy-results.sarif'
- name: Upload Trivy scan SARIF report
uses: github/codeql-action/upload-sarif@v3 uses: github/codeql-action/upload-sarif@v3
with: with:
sarif_file: ${{ steps.scan.outputs.sarif }} sarif_file: 'trivy-results.sarif'
build: build:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -146,18 +148,18 @@ jobs:
digest="${{ steps.build.outputs.digest }}" digest="${{ steps.build.outputs.digest }}"
touch "${{ runner.temp }}/digests/${digest#sha256:}" touch "${{ runner.temp }}/digests/${digest#sha256:}"
- name: Scan image - name: Run Trivy vulnerability scan
id: scan uses: aquasecurity/trivy-action@0.30.0
uses: anchore/scan-action@v6
with: with:
image: ${{ env.DOCKERHUB_REPO }}/protonmail-bridge:${{ steps.build.outputs.digest }} image-ref: "${{ env.DOCKERHUB_REPO }}:${{ env.version }}-build"
fail-build: true format: 'sarif'
severity-cutoff: critical exit-code: 0
output-format: sarif severity: 'CRITICAL,HIGH'
- name: Upload Anchore scan SARIF report output: 'trivy-results.sarif'
- name: Upload Trivy scan SARIF report
uses: github/codeql-action/upload-sarif@v3 uses: github/codeql-action/upload-sarif@v3
with: with:
sarif_file: ${{ steps.scan.outputs.sarif }} sarif_file: 'trivy-results.sarif'
- name: Upload digest - name: Upload digest
uses: actions/upload-artifact@v4 uses: actions/upload-artifact@v4
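Review bot: In the second hunk the scan target changes from the digest the build step just produced (`steps.build.outputs.digest`) to the mutable tag `${{ env.DOCKERHUB_REPO }}:${{ env.version }}-build`, so Trivy may pull whatever currently sits at that tag rather than the image this run built, and the old `fail-build: true` becomes `exit-code: 0`, so CRITICAL/HIGH findings no longer block the build job even though they did before. The old reference looks malformed (a `sha256:` digest used as a tag), which is presumably why it was replaced, but the fix should keep the pin: `image-ref: "${{ env.DOCKERHUB_REPO }}@${{ steps.build.outputs.digest }}"` uses the digest form Trivy accepts, and `exit-code: 1` restores the gate that the first hunk's dev job, which was already non-blocking, does not need. Both hunks pin `aquasecurity/trivy-action` by the floating tag `0.30.0`; pinning to the commit SHA for that release, as the rest of this workflow's supply chain is only as strong as that reference, is worth doing in the same change. The `build` job continues past the end of this hunk.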