tmdinosaurcenter/kiosk-guestbook
1
0
Fork 0
mirror of https://github.com/tmdinosaurcenter/kiosk-guestbook.git synced 2026-06-03 23:09:35 -06:00
Code Issues Packages Projects Releases Wiki Activity

ci: scan Docker image for CRITICAL/HIGH CVEs with Trivy

Browse Source 
Runs aquasecurity/trivy-action after the build step and fails the
workflow if any CRITICAL or HIGH severity vulnerabilities are found,
blocking the push to Docker Hub.
This commit is contained in:
Steve Dogiakos
2026-03-28 23:23:33 -06:00
parent 898441af0c
commit aa7fefe497
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/docker-image.yml
+7
View File
@@ -25,6 +25,13 @@ jobs:
docker build . --file Dockerfile --tag $IMAGE_TAG docker build . --file Dockerfile --tag $IMAGE_TAG
echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_ENV echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_ENV
# Uncomment below to push the image to Docker Hub (or another registry) # Uncomment below to push the image to Docker Hub (or another registry)
- name: Scan image for vulnerabilities
uses: aquasecurity/trivy-action@0.30.0
with:
image-ref: ${{ env.IMAGE_TAG }}
format: table
exit-code: '1'
severity: CRITICAL,HIGH
- name: Push the Docker image - name: Push the Docker image
if: github.event_name == 'push' if: github.event_name == 'push'
run: | run: |