Skip to content

Commit

Permalink
ci: enable scheduled trivy scanner and report vulnerabilities as GH i…
Browse files Browse the repository at this point in the history
…ssues

This workflow enables a scheduled scanner (that can also be run from a workflow dispatch) to
scan images using the trivy scanner. At the same time, enables the automatic creation/edition
of Github issues when a vulnerability is found.

Fixes #9
  • Loading branch information
DnPlas committed Oct 16, 2024
1 parent dd6888e commit 30ebabb
Showing 1 changed file with 21 additions and 0 deletions.
21 changes: 21 additions & 0 deletions .github/workflows/scan_images.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
name: Scan images

on:
schedule:
- cron: '00 23 * * *'
workflow_dispatch:

jobs:

scan-images:
name: Scan published images and report vulnerabilities
uses: canonical/charmed-kubeflow-workflows/.github/workflows/get-published-images-scan-and-report.yaml@main
strategy:
matrix:
branch: [main, track/1.0]
secrets:
GH_TOKEN: ${{ secrets.GH_TOKEN }}
with:
report-vulnerabilities: true
severity: "HIGH,CRITICAL"
branch: ${{ matrix.branch }}

0 comments on commit 30ebabb

Please sign in to comment.