apps/scratch-cloudvars-server
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

fix: trivy workflow
All checks were successful
Build, Scan and Publish Docker Image / build-and-push (push) Successful in 58s
Details

Browse Source
This commit is contained in:
Arne Baeumler
2026-01-18 12:18:07 +01:00
parent 2131a6ee44
commit 724883fd04
1 changed files with 18 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
.gitea/workflows/publish-docker.yml
View File

@@ -41,25 +41,25 @@ jobs:
load: true # This loads the image into the local docker daemon for Trivy to find load: true # This loads the image into the local docker daemon for Trivy to find
tags: local_scan_target:${{ github.sha }} tags: local_scan_target:${{ github.sha }}
- name: Run Trivy vulnerability scanner # - name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master # uses: aquasecurity/trivy-action@master
with: # with:
image-ref: 'local_scan_target:${{ github.sha }}' # image-ref: 'local_scan_target:${{ github.sha }}'
format: 'table' # format: 'table'
exit-code: '1' # This will fail the pipeline if vulnerabilities are found # exit-code: '1' # This will fail the pipeline if vulnerabilities are found
ignore-unfixed: true # ignore-unfixed: true
vuln-type: 'os,library' # vuln-type: 'os,library'
severity: 'CRITICAL,HIGH' # severity: 'CRITICAL,HIGH'
server-url: 'http://trivy-server:8080' # server-url: 'http://trivy-server:8080'
env: # env:
- DOCKER_HOST: unix:///var/run/docker.sock # - DOCKER_HOST: unix:///var/run/docker.sock
- TRIVY_USERNAME: ${{ secrets.PACKAGE_USER }} # - TRIVY_USERNAME: ${{ secrets.PACKAGE_USER }}
- TRIVY_PASSWORD: ${{ secrets.PACKAGE_TOKEN }} # - TRIVY_PASSWORD: ${{ secrets.PACKAGE_TOKEN }}
# - name: Run Trivy scanner (Binary Mode) - name: Run Trivy scanner (Binary Mode)
# run: | run: |
# curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
# trivy image --exit-code 1 --severity CRITICAL,HIGH --ignore-unfixed local_scan_target:${{ github.sha }} trivy image --exit-code 1 --severity CRITICAL,HIGH --ignore-unfixed --server http://trivy-server:8080 local_scan_target:${{ github.sha }}
# Step 3: If scan passes, Build and Push to Registry # Step 3: If scan passes, Build and Push to Registry
- name: Build and push Docker image - name: Build and push Docker image