Docker Vulnerability Scan #162

	name: Docker Vulnerability Scan

	on:
	workflow_dispatch:
	schedule:
	- cron: "0 0 * * *"
	jobs:
	scan-images:
	strategy:
	fail-fast: false
	matrix:
	image: ['r-ver', 'bioconductor_docker', 'tidyverse', 'ml-verse', 'shiny']

	name: Scan container images
	runs-on: ubuntu-latest
	steps:
	- name: Extract metadata for container image
	id: meta
	uses: docker/metadata-action@v4
	with:
	images: ${{ github.repository_owner }}/${{ matrix.image }}
	tags: \|
	type=raw,value={{branch}}

	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: '${{ steps.meta.outputs.tags }}'
	format: 'table'
	exit-code: '0'
	vuln-type: 'os,library'
	severity: 'CRITICAL,HIGH'

Provide feedback