Repo Scan #14

Workflow file for this run

.github/workflows/trivy_scan.yml at 40f792b

	name: Repo Scan
	on:
	push:
	branches: [ "master" ]
	pull_request:
	# The branches below must be a subset of the branches above
	branches: [ "master" ]
	schedule:
	- cron: '28 3 * * 5'

	jobs:
	repo_scan:
	name: repo_scan
	runs-on: ubuntu-20.04
	steps:
	- name: Checkout code
	uses: actions/checkout@v3

	- name: Run Trivy vulnerability scanner in repo mode
	uses: aquasecurity/trivy-action@master
	with:
	scan-type: 'fs'
	ignore-unfixed: true
	format: 'sarif'
	output: 'trivy-results.sarif'
	severity: 'CRITICAL'

	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@v2
	with:
	sarif_file: 'trivy-results.sarif'


	scan_2_10:
	name: scan_2_10
	runs-on: ubuntu-20.04
	steps:

	- name: Checkout code
	uses: actions/checkout@v3

	- name: Build an image from Dockerfile
	run: \|
	docker build -t keitaro/ckan/2.10:${{ github.sha }} -f ./images/ckan/2.10/Dockerfile ./images/ckan/2.10/

	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: 'keitaro/ckan/2.10:${{ github.sha }}'
	format: 'sarif'
	output: 'trivy-results.sarif'

	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@v2
	with:
	sarif_file: 'trivy-results.sarif'


	scan_2_10_focal:
	name: scan_2_10_focal
	runs-on: ubuntu-20.04
	steps:

	- name: Checkout code
	uses: actions/checkout@v3

	- name: Build an image from Dockerfile
	run: \|
	docker build -t keitaro/ckan/2.10-focal:${{ github.sha }} -f ./images/ckan/2.10/Dockerfile.focal ./images/ckan/2.10/

	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: 'keitaro/ckan/2.10-focal:${{ github.sha }}'
	format: 'sarif'
	output: 'trivy-results.sarif'

	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@v2
	with:
	sarif_file: 'trivy-results.sarif'

	scan_2_9:
	name: scan_2_9
	runs-on: ubuntu-20.04
	steps:

	- name: Checkout code
	uses: actions/checkout@v3

	- name: Build an image from Dockerfile
	run: \|
	docker build -t keitaro/ckan/2.9:${{ github.sha }} -f ./images/ckan/2.9/Dockerfile ./images/ckan/2.9/

	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: 'keitaro/ckan/2.9:${{ github.sha }}'
	format: 'sarif'
	output: 'trivy-results.sarif'

	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@v2
	with:
	sarif_file: 'trivy-results.sarif'

	scan_2_9_focal:
	name: scan_2_9_focal
	runs-on: ubuntu-20.04
	steps:

	- name: Checkout code
	uses: actions/checkout@v3

	- name: Build an image from Dockerfile
	run: \|
	docker build -t keitaro/ckan/2.9-focal:${{ github.sha }} -f ./images/ckan/2.9/Dockerfile.focal ./images/ckan/2.9/

	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: 'keitaro/ckan/2.9-focal:${{ github.sha }}'
	format: 'sarif'
	output: 'trivy-results.sarif'

	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@v2
	with:
	sarif_file: 'trivy-results.sarif'

	scan_psql_init:
	name: scan_psql_init
	runs-on: ubuntu-20.04
	steps:

	- name: Checkout code
	uses: actions/checkout@v3

	- name: Build an image from Dockerfile
	run: \|
	docker build -t keitaro/psql-init:${{ github.sha }} -f ./images/psql-init/Dockerfile ./images/psql-init/

	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: 'keitaro/psql-init:${{ github.sha }}'
	format: 'sarif'
	output: 'trivy-results.sarif'

	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@v2
	with:
	sarif_file: 'trivy-results.sarif'


	scan_datapusher:
	name: scan_datapusher
	runs-on: ubuntu-20.04
	steps:

	- name: Checkout code
	uses: actions/checkout@v3

	- name: Build an image from Dockerfile
	run: \|
	docker build -t keitaro/datapusher:${{ github.sha }} -f ./images/datapusher/Dockerfile ./images/datapusher/

	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: 'keitaro/datapusher:${{ github.sha }}'
	format: 'sarif'
	output: 'trivy-results.sarif'

	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@v2
	with:
	sarif_file: 'trivy-results.sarif'

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repo Scan #14

Workflow file

Repo Scan #14

Jobs

Run details

Workflow file for this run