Merge branch 'main' into main
This commit is contained in:
@@ -9,7 +9,7 @@
|
||||
# and parameters, see https://github.com/anchore/scan-action. For more
|
||||
# information on Anchore's container image scanning tool Grype, see
|
||||
# https://github.com/anchore/grype
|
||||
name: Anchore Container Scan
|
||||
name: Anchore Grype vulnerability scan
|
||||
|
||||
on:
|
||||
push:
|
||||
@@ -28,20 +28,21 @@ jobs:
|
||||
permissions:
|
||||
contents: read # for actions/checkout to fetch code
|
||||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
|
||||
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
|
||||
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout the code
|
||||
- name: Check out the code
|
||||
uses: actions/checkout@v3
|
||||
- name: Build the Docker image
|
||||
run: docker build . --file Dockerfile --tag localbuild/testimage:latest
|
||||
- name: Run the Anchore scan action itself with GitHub Advanced Security code scanning integration enabled
|
||||
uses: anchore/scan-action@b08527d5ae7f7dc76f9621edb6e49eaf47933ccd
|
||||
- name: Run the Anchore Grype scan action
|
||||
uses: anchore/scan-action@d5aa5b6cb9414b0c7771438046ff5bcfa2854ed7
|
||||
id: scan
|
||||
with:
|
||||
image: "localbuild/testimage:latest"
|
||||
acs-report-enable: true
|
||||
fail-build: false
|
||||
- name: Upload Anchore Scan Report
|
||||
fail-build: true
|
||||
severity-cutoff: critical
|
||||
- name: Upload vulnerability report
|
||||
uses: github/codeql-action/upload-sarif@v2
|
||||
with:
|
||||
sarif_file: results.sarif
|
||||
sarif_file: ${{ steps.scan.outputs.sarif }}
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "Anchore Syft SBOM Scan",
|
||||
"organization": "Anchore",
|
||||
"creator": "Anchore",
|
||||
"description": "Produce Software Bills of Materials based on Anchore's open source Syft tool.",
|
||||
"iconName": "anchore",
|
||||
"categories": ["Code Scanning", "dockerfile", "dependency-management"]
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
{
|
||||
"name": "Anchore Container Scan",
|
||||
"creator": "Indeni Cloudrail",
|
||||
"description": "Produce container image vulnerability and compliance reports based on the open-source Anchore container image scanner.",
|
||||
"name": "Anchore Grype Vulnerability Scan",
|
||||
"creator": "Anchore",
|
||||
"description": "Produce source and container vulnerability reports based on Anchore's open source Grype tool.",
|
||||
"iconName": "anchore",
|
||||
"categories": ["Code Scanning", "dockerfile"]
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user