author | 2022-12-16 20:17:52 +0530 | |
---|---|---|
committer | 2022-12-16 09:47:52 -0500 | |
commit | 1d55217ea8cd31c43c1ac62a0d7654c5aa16b961 (patch) | |
tree | cd3437db0dec3fd9e18b975150876d162d850a1b /.github | |
parent | 3b81fc8d8c54da2632e40d80fceda42dcdb8e6ac (diff) | |
Added trivy-nightly-scan for coredns images (#5810)
* Added trivy-nightly-scan for coredns images
Signed-off-by: Yash Singh <yashsingh1774@gmail.com>
Signed-off-by: Yash Singh <syash@vmware.com>
* Updated the changes
Signed-off-by: Yash Singh <syash@vmware.com>
Signed-off-by: Yash Singh <yashsingh1774@gmail.com>
Signed-off-by: Yash Singh <syash@vmware.com>
Diffstat (limited to '.github')
-rw-r--r-- | .github/workflows/trivy-scan.yaml | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/.github/workflows/trivy-scan.yaml b/.github/workflows/trivy-scan.yaml
new file mode 100644
index 000000000..b0f027eb9
--- /dev/null
+++ b/.github/workflows/trivy-scan.yaml
@@ -0,0 +1,34 @@
+name: Trivy Nightly Scan
+on:
+ schedule:
+ - cron: '0 2 * * 5' #Run at 2AM UTC on every Friday
+
+permissions: read-all
+jobs:
+ nightly-scan:
+ name: Trivy Scan nightly
+ strategy:
+ fail-fast: false
+ matrix:
+ # It will test for only the latest version as older version is not maintained
+ versions: [latest]
+ permissions:
+ security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+ - name: Run Trivy vulnerability scanner
+ uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5 # master
+ with:
+ image-ref: 'docker.io/coredns/coredns:${{ matrix.versions }}'
+ severity: 'CRITICAL,HIGH'
+ format: 'template'
+ template: '@/contrib/sarif.tpl'
+ output: 'trivy-results.sarif'
+
+ - name: Upload Trivy scan results to GitHub Security tab
+ uses: github/codeql-action/upload-sarif@a669cc5936cc5e1b6a362ec1ff9e410dc570d190 # v2.1.36
+ with:
+ sarif_file: 'trivy-results.sarif' |
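Review bot: The `Checkout code` step references `actions/checkout@v3`, a movable tag, while the other two actions in this job are pinned to full commit SHAs; since the job's token carries `security-events: write`, pin it the same way, e.g. `uses: actions/checkout@<full-commit-sha> # v3` (placeholder, take the SHA from the release you have reviewed). The job-level `permissions:` block replaces the workflow-level `read-all` for this job, so the token ends up with only `security-events: write`; if the checkout must also work in a private fork, add `contents: read` next to it. The image is scanned through the mutable `latest` tag, so the uploaded SARIF does not record which image digest the findings belong to, and recording the resolved digest in the job log would make results traceable. The workflow and job are named "nightly" while the cron `0 2 * * 5` runs once a week, so either the name or the schedule should be changed to match.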