Unverified Commit 553e061b authored by Daniel Holbach's avatar Daniel Holbach Committed by GitHub
Browse files

Merge pull request #199 from evrardjp/ci/add-security-scanner

feat: Add security scanning into CI
parents 598964b0 8961cbf2
general:
bestPracticeViolations:
# We violate this rule because we add kubectl from a remote location
# Instead of building it from source/copying it.
# Until we change our practices (e.g. have Dockerfile build kubectl
# in a multi-staged manner), we should skip this check
- CIS-DI-0009
# This should not be made a mandatory test
# It is only used to make us aware of any potential security failure, that
# should trigger a bump of the image in build/.
name: "Image vulnerability scan"
on: [push, pull_request]
jobs:
build-and-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- run: make DH_ORG="${{ github.repository_owner }}" VERSION="${{ github.sha }}" image
- uses: Azure/container-scan@v0
with:
image-name: docker.io/${{ github.repository_owner }}/kured:${{ github.sha }}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment