mirrors/diun
1
0
Fork 0
mirror of https://github.com/crazy-max/diun.git synced 2025-12-21 21:33:22 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1464 from crazy-max/scout

Browse Source 
ci: scan image with docker scout
This commit is contained in:
CrazyMax
2025-08-03 22:08:14 +02:00
committed by GitHub
parent 7b59863a00 adcf977daa
commit 0cb1e60c9c
1 changed files with 32 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
.github/workflows/build.yml vendored
View File

@@ -21,6 +21,7 @@ env:
GHCR_SLUG: ghcr.io/crazy-max/diun GHCR_SLUG: ghcr.io/crazy-max/diun
DESTDIR: ./bin DESTDIR: ./bin
DOCKER_BUILD_SUMMARY: false DOCKER_BUILD_SUMMARY: false
SCOUT_VERSION: "1.18.2"
jobs: jobs:
prepare: prepare:
@@ -358,3 +359,34 @@ jobs:
docker image inspect ${{ env.DOCKERHUB_SLUG }}:${{ steps.meta.outputs.version }} docker image inspect ${{ env.DOCKERHUB_SLUG }}:${{ steps.meta.outputs.version }}
docker pull ${{ env.GHCR_SLUG }}:${{ steps.meta.outputs.version }} docker pull ${{ env.GHCR_SLUG }}:${{ steps.meta.outputs.version }}
docker image inspect ${{ env.GHCR_SLUG }}:${{ steps.meta.outputs.version }} docker image inspect ${{ env.GHCR_SLUG }}:${{ steps.meta.outputs.version }}
scout:
runs-on: ubuntu-latest
if: ${{ github.ref == 'refs/heads/master' }}
permissions:
# same as global permission
contents: read
# required to write sarif report
security-events: write
needs:
- image
steps:
-
name: Login to DockerHub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
-
name: Scout
id: scout
uses: crazy-max/.github/.github/actions/docker-scout@ccae1c98f1237b5c19e4ef77ace44fa68b3bc7e4
with:
version: ${{ env.SCOUT_VERSION }}
format: sarif
image: registry://${{ env.DOCKERHUB_SLUG }}:edge
-
name: Upload SARIF report
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: ${{ steps.scout.outputs.result-file }}