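# Builds each Karmada component image from its Dockerfile, scans it with
# Trivy, and publishes the SARIF results to the repository's Security tab.
name: image-scanning

on:
  push:

# Least-privilege GITHUB_TOKEN: the job only needs to read the repository and
# write scan results. `upload-sarif` requires `security-events: write`; when
# the repository's default token permissions are restricted the upload step
# is rejected unless this is declared explicitly.
permissions:
  contents: read
  security-events: write

jobs:
  use-trivy-to-scan-image:
    name: image-scanning
    # Run only in the upstream repository, not in forks.
    if: ${{ github.repository == 'karmada-io/karmada' }}
    runs-on: ubuntu-22.04
    strategy:
      # Keep scanning the remaining images when one matrix entry fails.
      fail-fast: false
      matrix:
        # One job per component image; the value is interpolated into the
        # `make` target and the scanned image reference below.
        target:
          - karmada-controller-manager
          - karmada-scheduler
          - karmada-descheduler
          - karmada-webhook
          - karmada-agent
          - karmada-scheduler-estimator
          - karmada-interpreter-webhook-example
          - karmada-aggregated-apiserver
          - karmada-search
          - karmada-operator
          - karmada-metrics-adapter
    steps:
      # NOTE(review): the third-party actions below are referenced by mutable
      # tags; pinning each `uses:` to a full commit SHA (with the tag as a
      # trailing comment) hardens the workflow against tag re-pointing.
      - name: checkout code
        uses: actions/checkout@v3

      - name: Build an image from Dockerfile
        run: |
          export VERSION="latest"
          export REGISTRY="docker.io/karmada"
          make image-${{ matrix.target }}

      # Produces the SARIF report consumed by the upload step. No `exit-code`
      # is set, so findings are reported but do not fail the job.
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@0.12.0
        with:
          image-ref: 'docker.io/karmada/${{ matrix.target }}:latest'
          format: 'sarif'
          ignore-unfixed: true
          vuln-type: 'os,library'
          output: 'trivy-results.sarif'

      # Second run of the same scan, rendered as a table in the job log so
      # results are readable without opening the Security tab.
      - name: display scan results
        uses: aquasecurity/trivy-action@0.12.0
        with:
          image-ref: 'docker.io/karmada/${{ matrix.target }}:latest'
          format: 'table'
          ignore-unfixed: true
          vuln-type: 'os,library'

      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: 'trivy-results.sarif'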