Skip to content

Merge pull request #5 from sitespeedio/scan #2

Merge pull request #5 from sitespeedio/scan

Merge pull request #5 from sitespeedio/scan #2

Workflow file for this run

name: Docker security scan
on:
push:
branches:
- main
pull_request:
jobs:
build:
name: Build
runs-on: ubuntu-20.04
if: ${{ !contains(github.event.head_commit.message, 'docs:') }}
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Build an image from Dockerfile
run: |
docker buildx install
docker buildx build --load --platform linux/amd64 -t docker.io/sitespeedio/node:${{ github.sha }} .
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: 'docker.io/sitespeedio/node:${{ github.sha }}'
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL'