test: add tirvy vulnerability scanner github action
fix typo
This commit is contained in:
andyzhangx
55
.github/workflows/trivy.yaml
vendored
Normal file
55
.github/workflows/trivy.yaml
vendored
Normal file
@@ -0,0 +1,55 @@
|
|||||||
|
name: Trivy vulnerability scanner
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches:
|
||||||
|
- master
|
||||||
|
pull_request:
|
||||||
|
jobs:
|
||||||
|
build:
|
||||||
|
name: Build
|
||||||
|
runs-on: ubuntu-18.04
|
||||||
|
steps:
|
||||||
|
- name: Checkout code
|
||||||
|
uses: actions/checkout@v2
|
||||||
|
|
||||||
|
- name: Install go
|
||||||
|
uses: actions/setup-go@v2
|
||||||
|
with:
|
||||||
|
go-version: ^1.16
|
||||||
|
|
||||||
|
- name: Build images from Dockerfile
|
||||||
|
run: |
|
||||||
|
make
|
||||||
|
docker build -t test/csi-snapshotter:latest -f ./cmd/csi-snapshotter/Dockerfile --output=type=docker --label revision=latest .
|
||||||
|
docker build -t test/snapshot-controller:latest -f ./cmd/snapshot-controller/Dockerfile --output=type=docker --label revision=latest .
|
||||||
|
docker build -t test/snapshot-validation-webhook:latest -f ./cmd/snapshot-validation-webhook/Dockerfile --output=type=docker --label revision=latest .
|
||||||
|
|
||||||
|
- name: Run Trivy vulnerability scanner on csi-snapshotter image
|
||||||
|
uses: aquasecurity/trivy-action@master
|
||||||
|
with:
|
||||||
|
image-ref: 'test/csi-snapshotter:latest'
|
||||||
|
format: 'table'
|
||||||
|
exit-code: '1'
|
||||||
|
ignore-unfixed: true
|
||||||
|
vuln-type: 'os,library'
|
||||||
|
severity: 'CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN'
|
||||||
|
|
||||||
|
- name: Run Trivy vulnerability scanner on snapshotter-controller image
|
||||||
|
uses: aquasecurity/trivy-action@master
|
||||||
|
with:
|
||||||
|
image-ref: 'test/snapshot-controller:latest'
|
||||||
|
format: 'table'
|
||||||
|
exit-code: '1'
|
||||||
|
ignore-unfixed: true
|
||||||
|
vuln-type: 'os,library'
|
||||||
|
severity: 'CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN'
|
||||||
|
|
||||||
|
- name: Run Trivy vulnerability scanner on snapshot-validation-webhook image
|
||||||
|
uses: aquasecurity/trivy-action@master
|
||||||
|
with:
|
||||||
|
image-ref: 'test/snapshot-validation-webhook:latest'
|
||||||
|
format: 'table'
|
||||||
|
exit-code: '1'
|
||||||
|
ignore-unfixed: true
|
||||||
|
vuln-type: 'os,library'
|
||||||
|
severity: 'CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN'
|
||||||
Reference in New Issue
Block a user