Add vulnerability scan workflow

caroline-ttd · caroline-ttd · commit 5abd4c22923b · 2025-03-11T00:44:54.000-07:00
diff --git a/.github/workflows/vulnerability-scan-failure-notify.yaml b/.github/workflows/vulnerability-scan-failure-notify.yaml
@@ -0,0 +1,25 @@
+name: Vulnerability Scan Failure Slack Notify
+on:
+  push: # todo: remove before merging
+  workflow_dispatch:
+    inputs:
+      vulnerability_severity:
+        description: The severity to fail the workflow if such vulnerability is detected. DO NOT override it unless a Jira ticket is raised. DO NOT use 'CRITICAL' unless a Jira ticket is raised.
+        type: choice
+        options:
+          - CRITICAL,HIGH
+          - CRITICAL,HIGH,MEDIUM
+          - CRITICAL
+        default: 'CRITICAL,HIGH'
+  schedule:
+    - cron: '0 16 * * *'  # 9:00 AM GMT -7
+    - cron: '0 0 * * *'   # 5:00 PM GMT -7
+
+jobs:
+  vulnerability-scan-failure-notify:
+    uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-vulnerability-scan-failure-notify.yaml@ccm-UID2-4528-report-faillures-on-scheduled-vulnerability-detection-runs # todo: change to v3 before merging
+    secrets:
+      SLACK_WEBHOOK : ${{ secrets.SLACK_WEBHOOK }}
+    with:
+      scan_type : image
+      java_version: "21"
