Create dependabot.yml

Signed-off-by: Anurag Rajawat <[email protected]>
anurag-rajawat · May 22, 2024 · 1a0ea02 · 1a0ea02
1 parent 8121839
commit 1a0ea02
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 12 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,29 @@
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+
+  - package-ecosystem: "gomod"
+    directory: "/pkg/adapter/nimbus-kubearmor"
+    schedule:
+      interval: "weekly"
+
+  - package-ecosystem: "gomod"
+    directory: "/pkg/adapter/nimbus-netpol"
+    schedule:
+      interval: "weekly"
+
+  - package-ecosystem: "gomod"
+    directory: "/pkg/adapter/nimbus-kyverno"
+    schedule:
+      interval: "weekly"
diff --git a/.github/workflows/release-image.yaml b/.github/workflows/release-image.yaml
@@ -49,17 +49,12 @@ jobs:
         run: make docker-build
         working-directory: ${{ inputs.WORKING_DIRECTORY }}
 
-      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@v0.20.0
+      - name: Scan image
+        uses: anchore/scan-action@v3
         with:
-          image-ref: 'docker.io/5gsec/${{ inputs.NAME }}:v0.1'
-          format: 'sarif'
-          exit-code: '1'
-          ignore-unfixed: true
-          vuln-type: 'os,library'
-          severity: 'CRITICAL,HIGH'
-          scan-type: image
-          output: 'trivy-results.sarif'
+          image: '5gsec/${{ inputs.NAME }}:v0.1'
+          severity-cutoff: critical
+          output-format: sarif
 
       - name: Build and push image
         working-directory: ${{ inputs.WORKING_DIRECTORY }}

diff --git a/.github/workflows/stable-release.yaml b/.github/workflows/stable-release.yaml
@@ -16,7 +16,7 @@ concurrency:
 
 jobs:
   release-nimbus-image:
-    if: github.repository == '5GSEC/nimbus'
+    #if: github.repository == '5GSEC/nimbus'
     name: Build and push nimbus image
     uses: ./.github/workflows/release-image.yaml
     with:
@@ -25,7 +25,7 @@ jobs:
     secrets: inherit
 
   release-adapters-image:
-    if: github.repository == '5GSEC/nimbus'
+    #if: github.repository == '5GSEC/nimbus'
     strategy:
       matrix:
         adapters: [ "nimbus-kubearmor", "nimbus-netpol", "nimbus-kyverno" ]