Create image-scan.yaml
behara authored May 2, 2024
1 parent af4f465 commit d2cbdd0
Showing 1 changed file with 73 additions and 0 deletions.
73 changes: 73 additions & 0 deletions .github/workflows/image-scan.yaml
@@ -0,0 +1,73 @@
name: Build-Scan-Push-Image-scan

# Controls when the action will run. Triggers the workflow on push or pull request
# events but only for the master branch
on:
push:
branches: [ master ]
pull_request:
branches: [ master ]

env:
BuildNumber: ${{ github.run_id }}-${{ github.run_number }}
ImageName: 'manasiprabhavalkar/python-flask'

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
# This workflow contains a single job called "build"
build:
# The type of runner that the job will run on
runs-on: ubuntu-latest

# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v2

- name: Build Docker image
uses: docker/[email protected]
with:
# Username used to log in to a Docker registry. If not set then no login will occur
username: ${{ secrets.DockerHubUser }}
# Password or personal access token used to log in to a Docker registry. If not set then no login will occur
password: ${{ secrets.DockerHubPassword }}
# Docker repository to tag the image with
repository: ${{ env.ImageName }}
# Comma-delimited list of tags. These will be added to the registry/repository to form the image's tags
tags: 'github-${{ env.BuildNumber }}'
# Path to the Dockerfile (Default is '{path}/Dockerfile')
dockerfile: 'Dockerfile'
# Whether to push the image
push: false

#- name: Trivy Scan
# uses: aquasecurity/trivy-action@master
# with:
# # image reference
# image-ref: ${{ env.ImageName }}:github-${{ env.BuildNumber }}
# # Type of vulnerabilities
# vuln-type: 'os,library'
# format: 'sarif'
# output: 'trivy-results.sarif'
# exit-code: 1

- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'trivyExploitable.sarif'

#- name: Push Docker image
# uses: docker/[email protected]
# with:
# # Username used to log in to a Docker registry. If not set then no login will occur
# username: ${{ secrets.DockerHubUser }}
# # Password or personal access token used to log in to a Docker registry. If not set then no login will occur
# password: ${{ secrets.DockerHubPassword }}
# # Docker repository to tag the image with
# repository: ${{ env.ImageName }}
# # Comma-delimited list of tags. These will be added to the registry/repository to form the image's tags
# tags: 'github-${{ env.BuildNumber }}'
# # Path to the Dockerfile (Default is '{path}/Dockerfile')
# dockerfile: 'Dockerfile'
# # Whether to push the image
# push: true
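Review bot: The upload step's `sarif_file: 'trivyExploitable.sarif'` names a file that no step in this workflow writes: the only step that would produce a SARIF report (the Trivy scan) is commented out, and even that commented version writes to `trivy-results.sarif`, so the job fails at upload and the image is never scanned despite the workflow's name. The workflow also declares no `permissions:` block, yet `upload-sarif` needs `security-events: write`; an explicit least-privilege block (`contents: read`, `security-events: write`) makes the upload work on repositories whose default token is read-only and stops the job from inheriting broader write access it does not need. `actions/checkout@v2`, `docker/build-push-action@v1.1.0` and the commented `aquasecurity/trivy-action@master` are mutable references; pinning each to a commit SHA keeps a retagged or compromised upstream action from running with access to the DockerHub secrets. The sketch below re-enables the scan, makes the two file names agree, and adds `if: always()` so that findings which make Trivy exit non-zero are still uploaded to the Security tab.
```yaml
permissions:
  contents: read
  security-events: write   # required by upload-sarif

# … unchanged: env, job header, checkout and "Build Docker image" steps …

      - name: Trivy Scan
        uses: aquasecurity/trivy-action@master   # TODO: pin to a commit SHA
        with:
          image-ref: ${{ env.ImageName }}:github-${{ env.BuildNumber }}
          vuln-type: 'os,library'
          format: 'sarif'
          output: 'trivy-results.sarif'
          exit-code: 1

      - name: Upload Trivy scan results to GitHub Security tab
        if: always()   # upload even when the scan step fails on findings
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: 'trivy-results.sarif'
```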

