Skip to content

SCA Scan Project 3.yml #1

SCA Scan Project 3.yml

SCA Scan Project 3.yml #1

name: SCA Scan Project 3
on:
push:
branches:
- main
jobs:
deploy-and-scan:
name: Pull Docker Image and SCA Scan
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Log in to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Pull Docker Image
run: docker pull CHANGE
- name: Install Trivy
run: |
curl -sfL https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
echo "deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | sudo tee -a /etc/apt/sources.list.d/trivy.list
sudo apt-get update && sudo apt-get install -yq trivy
build:
name: Image Scan
runs-on: ubuntu-20.04
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Run Trivy vulnerability scanner in fs mode
uses: aquasecurity/trivy-action@master
with:
scan-type: 'image'
scanners: 'vuln'
image-ref: CHANGE
scan-ref: '.'
hide-progress: false
format: 'table'
ignore-unfixed: true