Skip to content

Scan Docker Image

Scan Docker Image #109

name: Scan Docker Image
on:
workflow_dispatch:
schedule:
# every monday at 10:00 UTC
- cron: "0 10 * * 1"
permissions:
# used by trivy
contents: read
packages: read
security-events: write
jobs:
scan-docker-image:
name: Scan Docker Image
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
cache: maven
- name: Get Image Name
id: get-image-name
run: echo "image-name=$(mvn help:evaluate -Dexpression=image.name -q -DforceStdout)" >> $GITHUB_OUTPUT
- name: Scan Docker Image for Vulnerabilities
uses: aquasecurity/[email protected]
with:
image-ref: ${{ steps.get-image-name.outputs.image-name }}
format: sarif
output: trivy-results.sarif
- name: Upload Trivy Results to GitHub Security Tab
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: trivy-results.sarif