Skip to content

Nightly Vulnerability Scan #249

Nightly Vulnerability Scan

Nightly Vulnerability Scan #249

name: Nightly Vulnerability Scan
on:
schedule:
# Schedule to run every night at midnight
- cron: '0 0 * * *'
jobs:
vulnerability-scan:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Set up Grype
run: |
# Install Grype
curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin
- name: Get latest commit SHA of Kaniko project
id: get-commit
run: |
LATEST_COMMIT_SHA=$(git rev-parse HEAD)
echo "Latest commit SHA: $LATEST_COMMIT_SHA"
echo "::set-output name=sha::$LATEST_COMMIT_SHA"
- name: Scan the latest CI/CD image
run: |
IMAGE_ID="gcr.io/kaniko-project/executor:${{ steps.get-commit.outputs.sha }}"
echo "Scanning image $IMAGE_ID"
grype $IMAGE_ID > grype-output.txt
- name: Check for vulnerabilities and create an issue
run: |
if grep -q 'No vulnerabilities found' grype-output.txt; then
echo "No vulnerabilities found."
else
gh issue create --title "Vulnerabilities Found in Nightly Scan" --body "Vulnerabilities found in the latest image scan. Please check the attached report." --file grype-output.txt
fi