4dd2c581ac
Introduces a new 'scan' workflow for scanning the main branch container for vulnerabilities nightly. By default, this will fail for any 'medium' or higher vulnerability. Fixes #613
20 lines
455 B
YAML
20 lines
455 B
YAML
name: scan
|
|
|
|
on:
|
|
schedule:
|
|
- cron: '0 0 * * *'
|
|
|
|
jobs:
|
|
scan:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
- name: Build the container image
|
|
run: |
|
|
docker build --tag whoogle-search:test .
|
|
- name: Initiate grype scan
|
|
run: |
|
|
curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b .
|
|
chmod +x ./grype
|
|
./grype whoogle-search:test --only-fixed
|