v5.1.0 - Add re-usable workflow to check for vulnerabilities

Latest

Marketplace

Latest

Marketplace

JeroenKnoops released this 21 Dec 21:51

· 88 commits to main since this release

New feature

When using Rekor to store the SBOM, you can use a workflow to get a vulnerability report created by Grype.

Example

name: Check vulnerabilities 

on:
  schedule:
    - cron: '14 15 * * 1'
  workflow_dispatch:

permissions: 
  id-token: write

jobs:
  check:
    name: Check Vulnerabities
    uses: philips-software/docker-ci-scripts/.github/workflows/check-vulnerabilities.yaml@main
    with:
      image: <your-container>

Example can be found here.

What's Changed

Bump stefanzweifel/git-auto-commit-action from 4.15.3 to 4.15.4 by @dependabot in #159
add reusable workflow for checking for vulnerabilities by @JeroenKnoops in #161
Check vulnerabilities by @JeroenKnoops in #162
Fix README.md: DOCKER_BUILD_ARG -> DOCKER_BUILD_ARGS by @daantimmer in #163
Update readme on Docker.io by @JeroenKnoops in #166
Optimize workflow by @JeroenKnoops in #167

New Contributors

@daantimmer made their first contribution in #163

Full Changelog: v5.0.0...v5.1.0

Contributors

JeroenKnoops, daantimmer, and dependabot

Assets 2