
Scan Latest Two Semantically Versioned Docker Image Tags with ORT #20


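name: Weekly Vulnerability Scan

on:
  schedule:
    - cron: "0 14 * * 1" # every Monday 14:00 UTC
  workflow_dispatch:

# Least privilege: the job only needs to read this repository (for
# docker-tags.sh) and talk to public registries; no write scopes on GITHUB_TOKEN.
permissions:
  contents: read

env:
  # Base image name, shared by the tag-listing and the scanning step so the
  # two can no longer drift apart.
  IMAGE: alpine

jobs:
  fetch-and-scan:
    runs-on: ubuntu-latest
    steps:
      # ./docker-tags.sh is taken from this repository; without a checkout the
      # runner workspace is empty and the script cannot be found.
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup Docker
        run: |
          sudo service docker start

      - name: List Docker Image Tags
        id: list-tags
        run: |
          TAGS=$(./docker-tags.sh "$IMAGE")
          echo "Tags fetched: $TAGS"
          # 1. keep strict semver tags (optional leading "v"),
          # 2. keep the highest patch release of each major.minor,
          # 3. keep the two newest of those (the "latest two" of the title).
          # The awk keeps patch numbers in a separate numeric array: the
          # previous form compared $3 against the whole stored tag as a
          # string, which never held, so the OLDEST patch per minor survived.
          # "|| true" keeps a no-match grep from killing the step under
          # pipefail before the explicit error message below is printed.
          # NOTE(review): Docker Hub's alpine tags carry no "v" prefix; confirm
          # what docker-tags.sh emits and whether "$IMAGE:$TAG" needs the
          # prefix stripped before pulling.
          LATEST_PATCHES=$(printf '%s\n' "$TAGS" | tr ' ' '\n' \
            | grep -E '^v?[0-9]+\.[0-9]+\.[0-9]+$' \
            | sort -V \
            | awk -F '.' '{ key=$1"."$2; if (!(key in p) || $3+0 > p[key]) { p[key]=$3+0; a[key]=$0 } }
                          END { for (k in a) print a[k] }' \
            | sort -V | tail -n 2 | paste -sd ',' - || true)
          if [ -z "$LATEST_PATCHES" ]; then
            echo "::error::no semver tags found for $IMAGE (got: $TAGS)"
            exit 1
          fi
          echo "Latest patches: $LATEST_PATCHES"
          echo "LATEST_PATCHES=$LATEST_PATCHES" >> "$GITHUB_ENV"

      - name: Scan Docker Images with Trivy
        run: |
          # Read the value as a shell variable rather than splicing
          # "${{ env.LATEST_PATCHES }}" into the script text: registry-sourced
          # strings then never become script source (defence in depth on top
          # of the semver filter in the previous step).
          IFS=',' read -ra TAGS <<< "$LATEST_PATCHES"
          FAILED=0
          for TAG in "${TAGS[@]}"; do
            REF="$IMAGE:$TAG"
            echo "Scanning $REF"
            docker pull "$REF"
            # The daemon socket is mounted so Trivy scans the image just
            # pulled instead of fetching its own copy from the registry.
            # NOTE(review): pin aquasec/trivy to a release tag or digest rather
            # than :latest so scanner behaviour does not change between runs.
            if ! docker run --rm \
                -v /var/run/docker.sock:/var/run/docker.sock \
                aquasec/trivy:latest image --severity CRITICAL,HIGH --exit-code 1 "$REF"; then
              echo "::error::CRITICAL/HIGH findings in $REF"
              FAILED=1
            fi
          done
          # All images are scanned before the job fails, so one bad tag does
          # not hide the result for the others.
          exit "$FAILED"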