Merge pull request #353 from stefanprodan/release-6.6.1 #174

Workflow file for this run

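# Builds the container image on every push to master and scans it with Trivy.
# The job fails when the scan reports a HIGH or CRITICAL finding that has a
# fix available.
# NOTE(review): the only trigger is a push to master, so vulnerabilities
# disclosed after the last push are not reported until the next push.
name: cve-scan
on:
  push:
    branches:
      - "master"
# Least privilege: the job token can only read repository contents.
permissions:
  contents: read
jobs:
  trivy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        # NOTE(review): v3 is a mutable tag; pinning to a reviewed full commit
        # SHA makes the code that runs here immutable.
        uses: actions/checkout@v3
        with:
          # No later step runs git, so the job token is not kept in
          # .git/config. That file is part of the docker build context below
          # unless a .dockerignore excludes it (not visible here).
          persist-credentials: false
      - name: Build image
        id: build
        # The tag is derived from the commit SHA and exported as a step output
        # so the scanner step scans exactly the image built here. Expansions
        # are quoted so the values are never word-split or globbed.
        run: |
          IMAGE="test/podinfo:${GITHUB_SHA}"
          docker build -t "${IMAGE}" .
          echo "image=${IMAGE}" >> "${GITHUB_OUTPUT}"
      - name: Run Trivy vulnerability scanner
        # NOTE(review): @master is a mutable branch ref of a third-party
        # action; whatever is on that branch at run time executes in this job.
        # Pin to a reviewed commit, e.g.
        # aquasecurity/trivy-action@<FULL_COMMIT_SHA> (placeholder).
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: ${{ steps.build.outputs.image }}
          format: table
          # A non-zero exit code fails the job when matching findings exist.
          exit-code: "1"
          # Findings without an available fix are not reported, so a passing
          # run does not mean the image has no known vulnerabilities.
          ignore-unfixed: true
          vuln-type: os,library
          severity: CRITICAL,HIGH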