Anchore-Grype Security Scans #210

Workflow file for this run

	name: Anchore-Grype Security Scans

	on:
	push:
	branches: ["main"]
	workflow_dispatch:
	schedule:
	# Run this against the default branch every Monday at 5:30AM
	- cron: "30 5 * * 2"

	permissions: write-all
	jobs:
	scan:
	runs-on: ubuntu-latest
	env:
	DOCKER_IMAGE: ortussolutions/commandbox
	COMMANDBOX_VERSION: 6.2.1
	strategy:
	matrix:
	include:
	- BUILD_IMAGE_DOCKERFILE: builds/debian/Base.Dockerfile
	BUILD_IMAGE_TAG: CommandBox
	# - BUILD_IMAGE_DOCKERFILE: builds/debian/Lucee5.Dockerfile
	# BUILD_IMAGE_TAG: lucee5.3.10.97
	# - BUILD_IMAGE_DOCKERFILE: builds/debian/Adobe2018.Dockerfile
	# BUILD_IMAGE_TAG: adobe2018.0.15.330106
	# - BUILD_IMAGE_DOCKERFILE: builds/debian/Adobe2021.Dockerfile
	# BUILD_IMAGE_TAG: adobe2021.0.05.330109

	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Set up QEMU
	uses: docker/setup-qemu-action@master
	with:
	platforms: all

	- name: Set up Docker Buildx
	id: buildx
	uses: docker/setup-buildx-action@master

	- name: Build local container
	uses: docker/build-push-action@v6
	env:
	DOCKER_BUILDKIT: 1
	with:
	context: .
	file: ${{ matrix.BUILD_IMAGE_DOCKERFILE }}
	build-args: COMMANDBOX_VERSION=${{ env.COMMANDBOX_VERSION }}
	push: false
	load: true
	tags: ${{ env.DOCKER_IMAGE }}:${{ matrix.BUILD_IMAGE_TAG }}

	- name: Scan generated packages
	uses: anchore/scan-action@v6
	id: securityscan
	with:
	image: ${{ env.DOCKER_IMAGE }}:${{ matrix.BUILD_IMAGE_TAG }}
	severity-cutoff: "high"
	fail-build: false
	by-cve: "true"
	only-fixed: true

	- name: Upload Anchore Report
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: ${{ steps.securityscan.outputs.sarif }}
	category: "BoxLang-Runtime-${{ github.env.BRANCH }}"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Anchore-Grype Security Scans #210

Workflow file

Anchore-Grype Security Scans #210

Uh oh!

Workflow file for this run