Skip to content

Trivy Periodic Image Scan #95

Trivy Periodic Image Scan

Trivy Periodic Image Scan #95

---
#
# This workflow scans the published container images
# for new vulnerabilities daily, publishing findings.
# Findings will be associated with the 'main' branch
# of the repo' in the GitHub Security tab.
#
name: Trivy Periodic Image Scan
on:
schedule:
# run daily
- cron: "0 0 * * *"
jobs:
to-lower-case:
runs-on: ubuntu-latest
name: to-lower-case
steps:
- name: Ensure repo' name is lower case
id: repo
uses: vishalmamidi/lowercase-action@v1
with:
string: ${{ github.repository }}
outputs:
lowercase-repo-name: ${{ steps.repo.outputs.lowercase }}
trivy-matrix:
name: trivy-${{ matrix.notebook_type }}
needs: to-lower-case
strategy:
matrix:
notebook_type:
- jupyter
- rstudio
uses: "./.github/workflows/trivy.yml"
with:
NOTEBOOK_TYPE: ${{ matrix.notebook_type }}
SOURCE_TYPE: image
# While GitHub repo's can be mixed (upper and lower) case,
# Docker images can only be lower case
IMAGE_NAME: ghcr.io/${{ needs.to-lower-case.outputs.lowercase-repo-name
}}-${{ matrix.notebook_type }}:main
...