diff --git a/.github/workflows/docker-bench-security.yml b/.github/workflows/docker-bench-security.yml
new file mode 100644
index 0000000000..9b0cef861b
--- /dev/null
+++ b/.github/workflows/docker-bench-security.yml
@@ -0,0 +1,38 @@
+name: Docker Bench for Security
+
+on:
+  pull_request:
+    branches: [ develop ]
+
+permissions:
+  contents: read
+
+jobs:
+  docker-bench-security:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+      - name: Set up Python 3.8
+        uses: actions/setup-python@v3
+        with:
+          python-version: "3.8"
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install .
+      - name: Run Docker Bench for Security
+        run: |
+          mkdir -p results
+          docker run --rm --privileged --pid host \
+            --volume /var/run/docker.sock:/var/run/docker.sock \
+            --volume /usr:/usr \
+            --volume /etc:/etc \
+            --volume /lib/modules:/lib/modules:ro \
+            docker/docker-bench-security > results/docker-bench-results.txt
+      - name: Upload Results
+        uses: actions/upload-artifact@v3
+        with:
+          name: docker-bench-results
+          path: results/docker-bench-results.txt
\ No newline at end of file
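Review bot: The `/usr` and `/etc` host mounts in the "Run Docker Bench for Security" step are read-write while `/lib/modules` is `:ro`; the bench only reads these paths, so a privileged, host-PID container is being given write access to the runner's system directories for no reason — change them to `--volume /usr:/usr:ro \` and `--volume /etc:/etc:ro \`. The image `docker/docker-bench-security` is pulled with no tag or digest, so what runs privileged on every pull request is whatever `latest` resolves to that day; pin it (`docker/docker-bench-security@sha256:<PINNED_DIGEST>`), and the same applies to `actions/checkout@v3`, `actions/setup-python@v3` and `actions/upload-artifact@v3`, which are pinned only to a mutable major tag. The step redirects the report to a file and the job succeeds regardless of its content, so the check is informational only; if it is meant to gate merges, add a line after the run that fails on `[WARN]` findings, and document that intent in a comment on the job. The `pip install .` step installs the repository's own package on the runner but nothing in the job uses it, so either drop it or add a comment saying why the bench needs it.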