lacework #165

Summary
Jobs
- scan
Run details
- Usage
- Workflow file

Workflow file for this run

.github/workflows/lacework.yml at 2e127ff

	name: lacework

	on:
	push:
	tags:
	- '*'

	jobs:
	scan:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v2

	- uses: coursier/cache-action@v3

	- name: Set up JDK
	uses: actions/setup-java@v1
	with:
	java-version: 11

	- name: Get current version
	id: ver
	run: echo "::set-output name=tag::${GITHUB_REF#refs/tags/}"

	- name: Install lacework scanner
	run: \|
	sudo apt-get update
	sudo apt-get -y install curl
	curl -L https://github.com/lacework/lacework-vulnerability-scanner/releases/latest/download/lw-scanner-linux-amd64 -o lw-scanner
	chmod +x lw-scanner

	- name: Build docker images and publish them locally
	run: sbt docker:publishLocal

	- name: Scan enrich-pubsub
	env:
	LW_ACCESS_TOKEN: ${{ secrets.LW_ACCESS_TOKEN }}
	LW_ACCOUNT_NAME: ${{ secrets.LW_ACCOUNT_NAME }}
	LW_SCANNER_SAVE_RESULTS: ${{ !contains(steps.version.outputs.tag, 'rc') }}
	run: ./lw-scanner image evaluate snowplow/snowplow-enrich-pubsub ${{ steps.ver.outputs.tag }} --build-id ${{ github.run_id }} --no-pull

	- name: Scan enrich-pubsub distroless
	env:
	LW_ACCESS_TOKEN: ${{ secrets.LW_ACCESS_TOKEN }}
	LW_ACCOUNT_NAME: ${{ secrets.LW_ACCOUNT_NAME }}
	LW_SCANNER_SAVE_RESULTS: ${{ !contains(steps.version.outputs.tag, 'rc') }}
	run: ./lw-scanner image evaluate snowplow/snowplow-enrich-pubsub ${{ steps.ver.outputs.tag }}-distroless --build-id ${{ github.run_id }} --no-pull

	- name: Scan enrich-kinesis
	env:
	LW_ACCESS_TOKEN: ${{ secrets.LW_ACCESS_TOKEN }}
	LW_ACCOUNT_NAME: ${{ secrets.LW_ACCOUNT_NAME }}
	LW_SCANNER_SAVE_RESULTS: ${{ !contains(steps.version.outputs.tag, 'rc') }}
	run: ./lw-scanner image evaluate snowplow/snowplow-enrich-kinesis ${{ steps.ver.outputs.tag }} --build-id ${{ github.run_id }} --no-pull

	- name: Scan enrich-kinesis distroless
	env:
	LW_ACCESS_TOKEN: ${{ secrets.LW_ACCESS_TOKEN }}
	LW_ACCOUNT_NAME: ${{ secrets.LW_ACCOUNT_NAME }}
	LW_SCANNER_SAVE_RESULTS: ${{ !contains(steps.version.outputs.tag, 'rc') }}
	run: ./lw-scanner image evaluate snowplow/snowplow-enrich-kinesis ${{ steps.ver.outputs.tag }}-distroless --build-id ${{ github.run_id }} --no-pull

	- name: Scan enrich-kafka
	env:
	LW_ACCESS_TOKEN: ${{ secrets.LW_ACCESS_TOKEN }}
	LW_ACCOUNT_NAME: ${{ secrets.LW_ACCOUNT_NAME }}
	LW_SCANNER_SAVE_RESULTS: ${{ !contains(steps.version.outputs.tag, 'rc') }}
	run: ./lw-scanner image evaluate snowplow/snowplow-enrich-kafka ${{ steps.ver.outputs.tag }} --build-id ${{ github.run_id }} --no-pull

	- name: Scan enrich-kafka distroless
	env:
	LW_ACCESS_TOKEN: ${{ secrets.LW_ACCESS_TOKEN }}
	LW_ACCOUNT_NAME: ${{ secrets.LW_ACCOUNT_NAME }}
	LW_SCANNER_SAVE_RESULTS: ${{ !contains(steps.version.outputs.tag, 'rc') }}
	run: ./lw-scanner image evaluate snowplow/snowplow-enrich-kafka ${{ steps.ver.outputs.tag }}-distroless --build-id ${{ github.run_id }} --no-pull

	- name: Scan enrich-nsq
	env:
	LW_ACCESS_TOKEN: ${{ secrets.LW_ACCESS_TOKEN }}
	LW_ACCOUNT_NAME: ${{ secrets.LW_ACCOUNT_NAME }}
	LW_SCANNER_SAVE_RESULTS: ${{ !contains(steps.version.outputs.tag, 'rc') }}
	run: ./lw-scanner image evaluate snowplow/snowplow-enrich-nsq ${{ steps.ver.outputs.tag }} --build-id ${{ github.run_id }} --no-pull

	- name: Scan enrich-nsq distroless
	env:
	LW_ACCESS_TOKEN: ${{ secrets.LW_ACCESS_TOKEN }}
	LW_ACCOUNT_NAME: ${{ secrets.LW_ACCOUNT_NAME }}
	LW_SCANNER_SAVE_RESULTS: ${{ !contains(steps.version.outputs.tag, 'rc') }}
	run: ./lw-scanner image evaluate snowplow/snowplow-enrich-nsq ${{ steps.ver.outputs.tag }}-distroless --build-id ${{ github.run_id }} --no-pull

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

lacework #165

Workflow file

lacework #165

Jobs

Run details

Workflow file for this run