Commit f45e948

Merge branch 'main' into dependabot/github_actions/docker/build-push-action-4
2 parents 0244826 + 1f090af commit f45e948

5 files changed

+23
-3
lines changed

.github/workflows/docker-build.yaml

Lines changed: 2 additions & 2 deletions
@@ -60,15 +60,15 @@ jobs:
6060
runs-on: ubuntu-latest
6161
steps:
6262
- name: Checkout
63-
uses: actions/checkout@v2
63+
uses: actions/checkout@v3
6464
with:
6565
lfs: ${{ inputs.lfs }}
6666

6767
- name: Set up Docker Buildx
6868
uses: docker/setup-buildx-action@v2
6969

7070
- name: Login to ${{ inputs.registry }}
71-
uses: docker/login-action@v1
71+
uses: docker/login-action@v2
7272
with:
7373
registry: ${{ inputs.registry }}
7474
username: ${{ env.REGISTRY_LOGIN }}
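
Review bot: `actions/checkout@v3` (line 63) and `docker/login-action@v2` (line 71) are still referenced by mutable major-version tags, and the login step is the one that handles registry credentials (`username: ${{ env.REGISTRY_LOGIN }}`). Pin each `uses:` to a full commit SHA with the version in a trailing comment, so a retagged release cannot change what runs in this job; Dependabot can still bump SHA-pinned actions. The same applies to `docker/setup-buildx-action@v2` on line 68.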

.github/workflows/publish-docs.yaml

Lines changed: 1 addition & 1 deletion
@@ -31,7 +31,7 @@ jobs:
3131
- run: pip install -r requirements.txt
3232
- run: mkdocs build --strict
3333
- name: Setup Pages
34-
uses: actions/configure-pages@v1
34+
uses: actions/configure-pages@v3
3535
- uses: actions/upload-pages-artifact@v1
3636
with:
3737
path: site/
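
Review bot: `actions/configure-pages` jumps two major versions (v1 to v3) on line 34 while `actions/upload-pages-artifact@v1` on line 35 stays at v1. Please confirm the two Pages actions still work together at these versions and that the docs job ran green on this branch, or bump them in the same change.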

.github/workflows/tests.yaml

Lines changed: 5 additions & 0 deletions
@@ -1,5 +1,10 @@
11
on: push
22

3+
permissions:
4+
packages: write
5+
contents: read
6+
security-events: write
7+
38
jobs:
49
docker-build:
510
uses: ./.github/workflows/docker-build.yaml
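
Review bot: the `permissions:` block on lines 3-6 is set at workflow level, so `packages: write` and `security-events: write` are granted to every job in this workflow on every push, whether or not the job needs them. Keep `contents: read` at the top level and move each write scope under `jobs.<job_id>.permissions` on the one job that needs it (`packages: write` on the job that pushes the image, `security-events: write` on the job that uploads scan results). A short comment next to each scope saying why it is required would also help later reviews.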

docs/trivy.md

Lines changed: 14 additions & 0 deletions
@@ -0,0 +1,14 @@
1+
# Trivy
2+
3+
`trivy.yaml` is a GitHub Actions workflow that utilizes Trivy,
4+
an open-source vulnerability scanner for Docker containers and images.
5+
The action is triggered when a workflow is called with an image-ref input.
6+
It performs the following:
7+
8+
* A scan of the specified Docker image with Trivy using the [trivy action](https://github.com/aquasecurity/trivy-action).
9+
* Upload the Trivy scan results in SARIF format to GitHub Security tab
10+
using the [upload-sarif](https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github) action.
11+
12+
This configuration file enables easy integration of vulnerability scanning
13+
for Docker images into a GitHub CI/CD pipeline. Results can be viewed in the
14+
GitHub Security tab for further analysis and vulnerability remediation.
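
Review bot: the page does not say which permissions the calling workflow must grant. The SARIF upload in the second bullet needs `security-events: write` (this commit adds it in `tests.yaml`), so document that here next to the `image-ref` input, so callers with a read-only default token know to grant it. It would also help to state whether findings fail the build or are only reported. Minor: the second bullet ("Upload the Trivy scan results ...") is not parallel with the first ("A scan of ...").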

mkdocs.yml

Lines changed: 1 addition & 0 deletions
@@ -40,6 +40,7 @@ theme:
4040
nav:
4141
- Home: index.md
4242
- Docker build: docker-build.md
43+
- Trivy: trivy.md
4344
- Known issues: known-issues.md
4445

4546
markdown_extensions:
