Docker Image Scan #44
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Docker Image Scan | |
| on: | |
| schedule: | |
| - cron: '0 0 * * 1' # Jeden Montag um 00:00 Uhr | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - Samples/PublicSamples/RecordingBot/** | |
| jobs: | |
| scan: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Install Trivy | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y wget apt-transport-https gnupg lsb-release | |
| wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add - | |
| echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list | |
| sudo apt-get update | |
| sudo apt-get install -y trivy | |
| - name: Run Trivy Scan | |
| run: | | |
| trivy image --format sarif --output trivy-results.sarif ghcr.io/lm-development/aks-sample/aks-sample:latest | |
| - name: Check Trivy Scan Result | |
| if: always() | |
| run: | | |
| if grep -q "Vulnerability" trivy-results.sarif; then | |
| echo "Vulnerabilities found" | |
| else | |
| echo "No vulnerabilities found" | |
| fi | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| - name: Display Trivy scan logs | |
| if: always() | |
| run: cat trivy-results.sarif |