Trivy Scan #24
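# Trivy vulnerability scan of the gateway container images.
# Runs daily at 20:00 UTC and on manual dispatch. Each image is built by its
# Makefile target, pushed to a throwaway registry service on localhost:5000,
# and scanned from there.
name: Trivy Scan

on:
  workflow_dispatch:
  schedule:
    - cron: "0 20 * * *"

# Least privilege: the job only checks out the repository and builds
# locally, so the default GITHUB_TOKEN is restricted to read-only contents.
permissions:
  contents: read

jobs:
  scan-policy-engine:
    runs-on: ubuntu-latest
    services:
      # Local registry used only as a hand-off point between build and scan.
      # NOTE(review): registry:2 is a mutable tag; consider pinning by digest.
      registry:
        image: registry:2
        ports:
          - '5000:5000'
    steps:
      - uses: actions/checkout@v4
      - uses: docker/setup-qemu-action@v3
      # IMPORTANT: network=host lets buildkit reach localhost:5000
      - uses: docker/setup-buildx-action@v3
        with:
          driver-opts: network=host

      - name: Build & push policy-engine image
        run: |
          export RUNTIME_IMAGE=localhost:5000/policy-engine
          export RUNTIME_TAG=$RUNTIME_IMAGE:trivy
          make -C gateway/policy-engine build-and-push-multiarch \
            RUNTIME_IMAGE=localhost:5000/policy-engine \
            RUNTIME_TAG=localhost:5000/policy-engine:trivy

      # NOTE(review), applies to every trivy-action step below:
      # - `@master` is a mutable branch ref, so whatever is on that branch at
      #   run time executes in this job. Pin to the full commit SHA of a
      #   reviewed release.
      # - No `exit-code` or `severity` is set, so findings are only printed
      #   as a table in the job log and (assuming the action's default exit
      #   code) never fail the run. Confirm that is intended.
      # - `ignore-unfixed: true` hides vulnerabilities that have no fixed
      #   version available yet.
      - name: Trivy scan policy-engine
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: 'localhost:5000/policy-engine:trivy'
          format: 'table'
          ignore-unfixed: true
          vuln-type: 'os,library'

      - name: Build & push gateway-controller
        run: |
          make -C gateway/gateway-controller build-and-push-multiarch \
            IMAGE_NAME=localhost:5000/gateway-controller \
            VERSION=trivy

      - name: Trivy scan gateway-controller
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: 'localhost:5000/gateway-controller:trivy'
          format: 'table'
          ignore-unfixed: true
          vuln-type: 'os,library'

      - name: Build & push gateway-builder
        run: |
          make -C gateway/gateway-builder build-and-push-multiarch \
            IMAGE_NAME=localhost:5000/gateway-builder \
            VERSION=trivy

      - name: Trivy scan gateway-builder
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: 'localhost:5000/gateway-builder:trivy'
          format: 'table'
          ignore-unfixed: true
          vuln-type: 'os,library'

      - name: Build & push router
        run: |
          make -C gateway/router build-and-push-multiarch \
            IMAGE_NAME=localhost:5000/router \
            VERSION=trivy

      - name: Trivy scan router
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: 'localhost:5000/router:trivy'
          format: 'table'
          ignore-unfixed: true
          vuln-type: 'os,library'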