Skip to content

Vulnerabilities Scan #1252

Vulnerabilities Scan

Vulnerabilities Scan #1252

name: Vulnerabilities Scan
on:
workflow_dispatch:
pull_request:
paths:
- .github/workflows/vulnerabilities_scan.yml
- .snyk
- Dockerfile
push:
branches:
- master
schedule:
- cron: '0 2 * * *'
concurrency:
group: scan-${{ github.event_name == 'pull_request' && github.head_ref || github.sha }}
cancel-in-progress: true
jobs:
scan:
timeout-minutes: 10
name: Scan docker image
env:
IMAGE_NAME: hazelcast/management-center:${{ github.sha }}
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build
uses: docker/build-push-action@v6
with:
context: .
tags: ${{ env.IMAGE_NAME }}
load: true
- name: Scan image by Snyk
uses: snyk/actions/docker@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
image: ${{ env.IMAGE_NAME }}
args: >-
--file=Dockerfile
--print-deps
--exclude-base-image-vulns
--exclude-app-vulns
--policy-path=.snyk
--fail-on=upgradable
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v3
if: ${{ failure() }}
with:
sarif_file: snyk.sarif