		
	Merge pull request #1730 from dalf/docker-trivy
GitHub workflow: add daily security check using trivy
		
						commit
						174e524256
					
				
					 1 changed files with 28 additions and 0 deletions
				
			
		
							
								
								
									
										28
									
								
								.github/workflows/security.yml
									
										
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
										28
									
								
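--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -0,0 +1,28 @@
+name: "Security checks"
+on:
+  schedule:
+    - cron: "42 05 * * *"
+  workflow_dispatch:
+
+jobs:
+  dockers:
+    name: Trivy ${{ matrix.image }}
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: 'searxng/searxng:latest'
+          ignore-unfixed: false
+          vuln-type: 'os,library'
+          severity: 'UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL'
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: 'trivy-results.sarif'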
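Review bot: The Trivy step runs `aquasecurity/trivy-action@master`, a mutable branch ref of a third-party action, so whatever lands on that branch executes in this scheduled job with the workflow's token; pin it to a reviewed full commit SHA, e.g. `uses: aquasecurity/trivy-action@<FULL_COMMIT_SHA>  # <release tag>`. The workflow also declares no `permissions:`, so the token falls back to the repository default; a job-level `permissions:` block with `contents: read` and `security-events: write` covers what the checkout and the SARIF upload need. Separately, the job name uses `${{ matrix.image }}` but the file defines no `strategy.matrix`, so the expression resolves to an empty string; either add a matrix over the images to scan or write the image name literally.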
	
	 Alexandre Flament
						Alexandre Flament