Skip to content

Docker Vulnerability Scan #199

Docker Vulnerability Scan

Docker Vulnerability Scan #199

Workflow file for this run

name: Docker Vulnerability Scan
on:
workflow_dispatch:
schedule:
- cron: "0 0 * * *"
jobs:
scan-images:
strategy:
fail-fast: false
matrix:
image: ['r-ver', 'bioconductor_docker', 'tidyverse', 'ml-verse', 'shiny']
name: Scan container images
runs-on: ubuntu-latest
steps:
- name: Extract metadata for container image
id: meta
uses: docker/metadata-action@v4
with:
images: ${{ github.repository_owner }}/${{ matrix.image }}
tags: |
type=raw,value={{branch}}
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: '${{ steps.meta.outputs.tags }}'
format: 'table'
exit-code: '0'
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'