Skip to content
docker-nginx-proxy

Bump aquasecurity/trivy-action in /.github/workflows #89

Sign in to view logs

Bump aquasecurity/trivy-action in /.github/workflows

Bump aquasecurity/trivy-action in /.github/workflows #89

Workflow file for this run

.github/workflows/docker-nginx-proxy.yml at 42103d4
---
name: docker-nginx-proxy
on:
pull_request:
paths:
- 'pipelines/dockerfiles/docker-nginx-proxy/**'
- .github/workflows/docker-nginx-proxy.yml
branches: [ master ]
push:
paths:
- 'pipelines/dockerfiles/docker-nginx-proxy/**'
- .github/workflows/docker-nginx-proxy.yml
workflow_dispatch:
jobs:
build:
runs-on: ubuntu-22.04
permissions:
security-events: write
defaults:
run:
working-directory: pipelines/dockerfiles/docker-nginx-proxy
steps:
- name: Checkout source code
uses: actions/checkout@v4
- name: Docker login
env:
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
run: make login
- name: Docker build
run: make build
- name: Docker tag
run: make tag
- name: Run trivy scan
uses: aquasecurity/[email protected]
with:
image-ref: 'docker.io/constantin07/docker-nginx-proxy:latest'
security-checks: 'vuln,secret,config'
format: 'sarif'
output: 'trivy-results.sarif'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: 'trivy-results.sarif'
- name: Docker push
run: make push
checkov:
runs-on: ubuntu-22.04
permissions:
security-events: write
steps:
- name: Checkout source code
uses: actions/checkout@v4
- name: Run Checkov action
uses: bridgecrewio/checkov-action@master
with:
directory: pipelines/dockerfiles/docker-nginx-proxy
framework: dockerfile
skip_check: CKV_DOCKER_2
output_format: sarif
output_file_path: checkov-results.sarif
soft_fail: true
- name: Upload Checkov results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: 'checkov-results.sarif'