| 1 | +# This workflow uses actions that are not certified by GitHub. |
| 2 | +# They are provided by a third-party and are governed by |
| 3 | +# separate terms of service, privacy policy, and support |
| 4 | +# documentation. |
| 5 | + |
| 6 | +# This workflow checks out code, builds an image, performs a container image |
| 7 | +# vulnerability scan with Anchore's Grype tool, and integrates the results with GitHub Advanced Security |
| 8 | +# code scanning feature. For more information on the Anchore scan action usage |
| 9 | +# and parameters, see https://github.com/anchore/scan-action. For more |
| 10 | +# information on Anchore's container image scanning tool Grype, see |
| 11 | +# https://github.com/anchore/grype |
| 12 | +name: Anchore Container Scan |
| 13 | + |
| 14 | +on: |
| 15 | + push: |
| 16 | + branches: [ master ] |
| 17 | + pull_request: |
| 18 | + # The branches below must be a subset of the branches above |
| 19 | + branches: [ master ] |
| 20 | + schedule: |
| 21 | + - cron: '40 17 * * 4' |
| 22 | + |
| 23 | +permissions: |
| 24 | + contents: read |
| 25 | + |
| 26 | +jobs: |
| 27 | + Anchore-Build-Scan: |
| 28 | + permissions: |
| 29 | + contents: read # for actions/checkout to fetch code |
| 30 | + security-events: write # for github/codeql-action/upload-sarif to upload SARIF results |
| 31 | + runs-on: ubuntu-latest |
| 32 | + steps: |
| 33 | + - name: Checkout the code |
| 34 | + uses: actions/checkout@v2 |
| 35 | + - name: Build the Docker image |
| 36 | + run: docker build . --file Dockerfile --tag localbuild/testimage:latest |
| 37 | + - name: Run the Anchore scan action itself with GitHub Advanced Security code scanning integration enabled |
| 38 | + uses: anchore/scan-action@b08527d5ae7f7dc76f9621edb6e49eaf47933ccd |
| 39 | + with: |
| 40 | + image: "localbuild/testimage:latest" |
| 41 | + acs-report-enable: true |
| 42 | + - name: Upload Anchore Scan Report |
| 43 | + uses: github/codeql-action/upload-sarif@v1 |
| 44 | + with: |
| 45 | + sarif_file: results.sarif |
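Review bot: The checkout and SARIF-upload steps reference mutable tags (`actions/checkout@v2`, `github/codeql-action/upload-sarif@v1`) while the scan step is pinned to a full commit SHA; the file's own header notes these are uncertified third-party actions, so pin all three the same way, e.g. `uses: actions/checkout@<full-commit-sha> # v2`, and likewise for upload-sarif. A second point: the upload step only runs if the scan step succeeds, so if the pinned scan-action version defaults to failing the build when findings exceed its severity cutoff (check its docs), the SARIF is never uploaded and the findings never reach code scanning; adding `if: always()` to the "Upload Anchore Scan Report" step (or setting `fail-build: false` on the scan step) keeps the upload running regardless. Also note that `acs-report-enable` is a version-specific input of scan-action; it should be re-verified whenever the pinned SHA is bumped, since a renamed input would silently stop producing `results.sarif`.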