
disable vulnerability scan for infra temp #1

disable vulnerability scan for infra temp

disable vulnerability scan for infra temp #1

# # GitHub Actions CI workflow that runs vulnerability scans on the application's Docker image
# # to ensure images built are secure before they are deployed.
# # NOTE: The workflow isn't able to pass the docker image between jobs, so each builds the image.
# # A future PR will pass the image between the scans to reduce overhead and increase speed
# name: Vulnerability Scans
# on:
# workflow_call:
# inputs:
# app_name:
# description: "name of application folder under infra directory"
# required: true
# type: string
# jobs:
# hadolint-scan:
# runs-on: ubuntu-latest
# steps:
# - uses: actions/checkout@v3
# # Scans Dockerfile for any bad practices or issues
# - name: Scan Dockerfile by hadolint
# uses: hadolint/[email protected]
# with:
# dockerfile: ${{ inputs.app_name }}/Dockerfile
# format: tty
# failure-threshold: warning
# output-file: hadolint-results.txt
# - name: Save output to workflow summary
# if: always() # Runs even if there is a failure
# run: cat hadolint-results.txt >> "$GITHUB_STEP_SUMMARY"
# trivy-scan:
# runs-on: ubuntu-latest
# steps:
# - uses: actions/checkout@v3
# - name: Build and tag Docker image for scanning
# id: build-image
# run: |
# make APP_NAME=${{ inputs.app_name }} release-build
# IMAGE_NAME=$(make APP_NAME=${{ inputs.app_name }} release-image-name)
# IMAGE_TAG=$(make release-image-tag)
# echo "image=$IMAGE_NAME:$IMAGE_TAG" >> "$GITHUB_OUTPUT"
# - name: Run Trivy vulnerability scan
# uses: aquasecurity/trivy-action@master
# with:
# scan-type: image
# image-ref: ${{ steps.build-image.outputs.image }}
# format: table
# exit-code: 1
# ignore-unfixed: true
# vuln-type: os
# scanners: vuln,secret
# - name: Save output to workflow summary
# if: always() # Runs even if there is a failure
# run: |
# echo "View results in GitHub Action logs" >> "$GITHUB_STEP_SUMMARY"
# anchore-scan:
# runs-on: ubuntu-latest
# steps:
# - uses: actions/checkout@v3
# - name: Build and tag Docker image for scanning
# id: build-image
# run: |
# make APP_NAME=${{ inputs.app_name }} release-build
# IMAGE_NAME=$(make APP_NAME=${{ inputs.app_name }} release-image-name)
# IMAGE_TAG=$(make release-image-tag)
# echo "image=$IMAGE_NAME:$IMAGE_TAG" >> "$GITHUB_OUTPUT"
# - name: Run Anchore vulnerability scan
# uses: anchore/scan-action@v3
# with:
# image: ${{ steps.build-image.outputs.image }}
# output-format: table
# - name: Save output to workflow summary
# if: always() # Runs even if there is a failure
# run: echo "View results in GitHub Action logs" >> "$GITHUB_STEP_SUMMARY"
# dockle-scan:
# runs-on: ubuntu-latest
# steps:
# - uses: actions/checkout@v3
# - name: Build and tag Docker image for scanning
# id: build-image
# run: |
# make APP_NAME=${{ inputs.app_name }} release-build
# IMAGE_NAME=$(make APP_NAME=${{ inputs.app_name }} release-image-name)
# IMAGE_TAG=$(make release-image-tag)
# echo "image=$IMAGE_NAME:$IMAGE_TAG" >> "$GITHUB_OUTPUT"
# # Dockle doesn't allow you to have an ignore file for the DOCKLE_ACCEPT_FILES
# # variable, this will save the variable in this file to env for Dockle
# - name: Set any acceptable Dockle files
# run: |
# if grep -q "^DOCKLE_ACCEPT_FILES=.*" .dockleconfig; then
# grep -s '^DOCKLE_ACCEPT_FILES=' .dockleconfig >> "$GITHUB_ENV"
# fi
# - name: Run Dockle container linter
# uses: erzz/[email protected]
# with:
# image: ${{ steps.build-image.outputs.image }}
# exit-code: "1"
# failure-threshold: WARN
# accept-filenames: ${{ env.DOCKLE_ACCEPT_FILES }}
# - name: Save output to workflow summary
# if: always() # Runs even if there is a failure
# run: |
# {
# echo '```json'
# cat dockle-report.json
# echo '```'
# } >> "$GITHUB_STEP_SUMMARY"
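Review bot: Commenting out the whole file leaves a workflow with no `on:` or `jobs:` key, so any caller that still references it via `uses:` under `workflow_call` will fail validation rather than quietly skip the scans, and the change records no reason or condition for re-enabling them. A safer way to get the same effect is to keep the workflow live and add an opt-out input, e.g. a `skip_scans` boolean input with `if: ${{ !inputs.skip_scans }}` on each of the four jobs, so callers disable scanning explicitly and the scan definitions stay maintained and linted. When the scans are turned back on, `aquasecurity/trivy-action@master` is an unpinned mutable ref on a security-critical action and should be pinned to a release tag or commit SHA like the other actions. The `[email protected]` tokens in the hadolint and dockle `uses:` lines look like forge e-mail obfuscation of the action versions rather than the real refs, so the file should be checked against the repository before merging.
```yaml
name: Vulnerability Scans
on:
  workflow_call:
    inputs:
      app_name:
        description: "name of application folder under infra directory"
        required: true
        type: string
      skip_scans:
        description: "set to true to skip all image vulnerability scans for this caller"
        required: false
        type: boolean
        default: false
jobs:
  hadolint-scan:
    if: ${{ !inputs.skip_scans }}
    runs-on: ubuntu-latest
    # … unchanged: hadolint steps …
  trivy-scan:
    if: ${{ !inputs.skip_scans }}
    runs-on: ubuntu-latest
    # … unchanged: build and trivy steps …
  anchore-scan:
    if: ${{ !inputs.skip_scans }}
    runs-on: ubuntu-latest
    # … unchanged: build and anchore steps …
  dockle-scan:
    if: ${{ !inputs.skip_scans }}
    runs-on: ubuntu-latest
    # … unchanged: build and dockle steps …
```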