Skip to content

Commit

Permalink
Merge pull request #5 from sitespeedio/scan
Browse files Browse the repository at this point in the history
Add docker scan
  • Loading branch information
soulgalore authored Sep 23, 2024
2 parents f54bb85 + df904d4 commit 0d0b9fa
Showing 1 changed file with 29 additions and 0 deletions.
29 changes: 29 additions & 0 deletions .github/workflows/docker-scan.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
name: Docker security scan
on:
push:
branches:
- main
pull_request:
jobs:
build:
name: Build
runs-on: ubuntu-20.04
if: ${{ !contains(github.event.head_commit.message, 'docs:') }}
steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Build an image from Dockerfile
run: |
docker buildx install
docker buildx build --load --platform linux/amd64 -t docker.io/sitespeedio/node:${{ github.sha }} .
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: 'docker.io/sitespeedio/node:${{ github.sha }}'
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL'

0 comments on commit 0d0b9fa

Please sign in to comment.