Skip to content

Update security.yml #156

Update security.yml

Update security.yml #156

Workflow file for this run

name: Vulnerability detection
on:
schedule:
- cron: '0 9 * * *'
push:
branches-ignore:
- master
jobs:
vulnerability-detection:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
include:
## Alpine
### Alpine 3.15
- image: "alpine/3.15/8.0/Dockerfile"
tags: "8.0-alpine3.15"
platforms: "linux/amd64"
# - image: "alpine/3.15/8.1/Dockerfile"
# tags: "8.1-alpine3.15"
# platforms: "linux/amd64"
# ### Alpine 3.16
# - image: "alpine/3.16/8.0/Dockerfile"
# tags: "8.0-alpine3.16"
# platforms: "linux/amd64"
# - image: "alpine/3.16/8.1/Dockerfile"
# tags: "8.1-alpine3.16"
# platforms: "linux/amd64"
# - image: "alpine/3.16/8.2/Dockerfile"
# tags: "8.2-alpine3.16"
# platforms: "linux/amd64"
# ### Alpine 3.17
# - image: "alpine/3.17/8.1/Dockerfile"
# tags: "8.1-alpine3.17"
# platforms: "linux/amd64"
# - image: "alpine/3.17/8.2/Dockerfile"
# tags: "8.2-alpine3.17"
# platforms: "linux/amd64"
steps:
# - name: Configure AWS credentials
# uses: aws-actions/configure-aws-credentials@v1
# with:
# aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
# aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
# aws-region: ${{ secrets.AWS_REGION }}
# - name: Login to AWS ECR
# uses: aws-actions/amazon-ecr-login@v1
# - name: Build and push
# id: docker-build
# uses: docker/build-push-action@v2
# with:
# push: ${{ github.ref != 'refs/heads/master' }}
# file: ${{ matrix.image }}
# tags: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com/${{ secrets.AWS_ECR_REPO }}:${{ matrix.tags }}-${{ github.sha }}
# platforms: ${{ matrix.platforms }}
# - name: Scan Docker image
# id: docker-scan
# uses: alexjurkiewicz/[email protected]
# with:
# repository: ${{ secrets.AWS_ECR_REPO }}
# tag: ${{ join(matrix.tags) }}-${{ github.sha }}
# - name: Delete images after scan images
# run: |
# aws ecr batch-delete-image --repository-name ${{ secrets.AWS_ECR_REPO }} --image-id imageTag="${{ join(matrix.tags) }}-${{ github.sha }}"
# - run: |
# echo "${{ steps.docker-scan.outputs.total }} total vulnerabilities."
# - name: Fail the execution
# if: ${{ steps.docker-scan.outputs.total > 0 }}
# run: exit 1
- name: Set Date and Time
id: set-date
run: echo "::set-output name=current_datetime::$(date +'%Y-%m-%d %H:%M:%S')"
# - name: Set Color
# id: set-color
# run: |
# if [[ "${{ steps.docker-scan.outputs.total == 0 }}" ]]; then
# COLOR="#008000"
# else
# COLOR="#ff0000"
# fi
# echo "COLOR=$COLOR" >> $GITHUB_ENV
- name: Set Color
id: set-color
run: |
if [[ "${{ true }}" ]]; then
COLOR="#008000"
else
COLOR="#ff0000"
fi
echo "::set-output name=color::$COLOR"
- name: Send GitHub Action trigger data to Slack workflow
id: slack
uses: slackapi/[email protected]
with:
payload: |
{
"text": "Scanned image tag *${{ matrix.tags }}*.",
"attachments": [
{
"pretext": "Vulnerability scan outputs for ${{ steps.set-date.outputs.current_datetime }}",
"color": "${{ steps.set-color.outputs.color }}",
"fields": [
{
"title": "Status",
"short": true,
"value": "0 total vulnerabilities"
}
]
}
]
}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK