-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #141 from ropable/master
Switch ujson for orjson, bump other dependencies, other tweaks
- Loading branch information
Showing
16 changed files
with
868 additions
and
909 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -3,11 +3,11 @@ name: "Build Docker image and run Trivy vulnerability scan" | |
| on: | ||
| push: | ||
| # Publish `master` as `latest` image. | ||
| branches: [ master ] | ||
| branches: [master] | ||
| # Publish `2.*` tags as releases. | ||
| tags: [ '2.*' ] | ||
| tags: ["2.*"] | ||
| pull_request: | ||
| branches: [ master ] | ||
| branches: [master] | ||
|
|
||
| env: | ||
| REGISTRY: ghcr.io | ||
|
|
@@ -77,15 +77,18 @@ jobs: | |
| # Run vulnerability scan on built image | ||
| #---------------------------------------------- | ||
| - name: Run Trivy vulnerability scanner | ||
| uses: aquasecurity/trivy-action@master | ||
| uses: aquasecurity/[email protected] | ||
| env: | ||
| TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db | ||
| with: | ||
| scan-type: 'image' | ||
| scan-type: "image" | ||
| scanners: "vuln" | ||
| image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | ||
| vuln-type: 'os,library' | ||
| severity: 'HIGH,CRITICAL' | ||
| format: 'sarif' | ||
| output: 'trivy-results.sarif' | ||
| vuln-type: "os,library" | ||
| severity: "HIGH,CRITICAL" | ||
| format: "sarif" | ||
| output: "trivy-results.sarif" | ||
| - name: Upload Trivy scan results to GitHub Security tab | ||
| uses: github/codeql-action/upload-sarif@v3 | ||
| with: | ||
| sarif_file: 'trivy-results.sarif' | ||
| sarif_file: "trivy-results.sarif" | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,25 @@ | ||
| name: "Scan project for secrets & sensitive information" | ||
|
|
||
| on: | ||
| push: | ||
| branches: | ||
| - master | ||
| pull_request: | ||
| branches: | ||
| - master | ||
|
|
||
| jobs: | ||
| secret-scan: | ||
| name: Scan project for secrets | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 | ||
| - name: Secret scanning | ||
| uses: trufflesecurity/trufflehog@main | ||
| with: | ||
| base: "" | ||
| head: ${{ github.ref_name }} | ||
| extra_args: --only-verified |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.