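# Scheduled and post-release vulnerability scan of the published container image.
# Findings are uploaded as SARIF to the repository's Security (code scanning) tab.
# No `exit-code` is set on the Trivy step, so findings are not expected to fail
# this workflow; triage happens in code scanning, not in the run status.
name: Docker Security Scan

on:
  schedule:
    - cron: "0 2 * * *" # Daily at 2 AM UTC
  workflow_dispatch:
  # Re-scan right after an image release completes (any conclusion; filtered below).
  workflow_run:
    workflows: ["Docker Release to Github"]
    types: [completed]

# Least privilege: pull from GHCR and write code-scanning alerts, nothing else.
permissions:
  contents: read
  packages: read
  security-events: write

jobs:
  scan:
    name: Vulnerability Scan
    runs-on: ubuntu-latest
    # `types: [completed]` also fires when the release workflow failed or was
    # cancelled; `:latest` was then not refreshed, so skip rather than re-scan a
    # stale image. Scheduled and manual runs are unaffected by this guard.
    if: ${{ github.event_name != 'workflow_run' || github.event.workflow_run.conclusion == 'success' }}
    # Bound the job so a hung image pull or scan cannot hold a runner indefinitely.
    timeout-minutes: 30
    steps:
      # GITHUB_TOKEN is sufficient for ghcr.io pulls under `packages: read`.
      - name: Log in to GitHub Container Registry
        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # NOTE(review): scans the floating `:latest` tag, not the specific tag or
      # digest the triggering release pushed — confirm that is the intended target.
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@dc5a429b52fcf669ce959baa2c2dd26090d2a6c4 # v0.32.0
        with:
          image-ref: "ghcr.io/${{ github.repository }}:latest"
          format: "sarif"
          output: "trivy-results.sarif"
          severity: "CRITICAL,HIGH,MEDIUM,LOW"

      # Upload even if an earlier step failed, but only when a SARIF file was
      # actually produced (a scan that aborted before writing leaves nothing to upload).
      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@a4e1a019f5e24960714ff6296aee04b736cbc3cf # v3.29.6
        if: ${{ always() && hashFiles('trivy-results.sarif') != '' }}
        with:
          sarif_file: "trivy-results.sarif"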