feat: create security-scan.yaml (#72)

borislavr · web-flow · commit 8947167ece86 · 2025-11-06T13:09:44.000+05:00
https://github.com/Netcracker/qubership-workflow-hub/issues/367
diff --git a/workflow-templates/security-scan.yaml b/workflow-templates/security-scan.yaml
@@ -0,0 +1,49 @@
+name: Docker Security Scan
+on:
+  schedule:
+    - cron: "0 0 * * 0" # Runs weekly on Sunday at midnight
+  workflow_dispatch:
+    inputs:
+      target:
+        description: "Scan part"
+        required: true
+        default: "docker"
+        type: choice
+        options:
+          - docker
+          - source
+      image:
+        description: "Docker image (for 'docker' target). By default ghcr.io/<owner>/<repo>:latest"
+        required: false
+        default: ""
+      only-high-critical:
+        description: "Scan only HIGH + CRITICAL"
+        required: false
+        default: true
+        type: boolean
+      trivy-scan:
+        description: "Run Trivy scan"
+        required: false
+        default: true
+        type: boolean
+      grype-scan:
+        description: "Run Grype scan"
+        required: false
+        default: true
+        type: boolean
+      continue-on-error:
+        description: "Continue on error"
+        required: false
+        default: true
+        type: boolean
+
+jobs:
+  security-scan:
+    uses: netcracker/qubership-workflow-hub/.github/workflows/re-security-scan.yml@379-feat-security-check-re-usable-workflow-grype-and-trivy
+    with:
+      target: ${{ github.event.inputs.target || 'source' }}
+      image: ${{ github.event.inputs.image || "" }}
+      only-high-critical: ${{ inputs.only-high-critical || 'true' }}
+      trivy-scan: ${{ inputs.trivy-scan || 'true' }}
+      grype-scan: ${{ inputs.grype-scan || 'true' }}
+      continue-on-error: ${{ inputs.continue-on-error || 'true' }}
