2 files changed +1 -32 lines changed
This file was deleted.
@@ -74,25 +74,15 @@ jobs:
7474 - uses : actions/checkout@v1
7575 - run : docker version
7676 - run : docker images
77- - name : Install clair-scanner
78- run : |
79- sudo curl -L https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64 -o /usr/local/bin/clair-scanner
80- sudo chmod +x /usr/local/bin/clair-scanner
81- - run : docker images
82- - run : mkdir -p $(echo "./clair/${DOCKER_IMAGE}:${REF}" | tr '[:upper:]' '[:lower:]')
83- env :
84- REF : ${{ needs.generate-ref.outputs.ref }}
85- - run : docker-compose -f .docker/security/docker-compose.yml -p clair-ci up -d
8677 - run : docker build --no-cache -t "${DOCKER_IMAGE}:${REF}" . -f Dockerfile-build
8778 env :
8879 REF : ${{ needs.generate-ref.outputs.ref }}
8980 - run : docker tag "${DOCKER_IMAGE}:${REF}" "${DOCKER_IMAGE}:sha-${GITHUB_SHA}"
9081 env :
9182 REF : ${{ needs.generate-ref.outputs.ref }}
92- - run : echo -e "${DOCKER_IMAGE}:${REF}" | xargs -I % sh -c 'clair-scanner --ip 172.17.0.1 -r "./clair/%.json" -l ./clair/clair.log % || (echo "% is vulnerable" && exit 1)'
83+ - run : docker run -v /tmp/trivy:/var/lib/trivy -v /var/run/docker.sock:/var/run/docker.sock -t aquasec/trivy:latest --cache-dir /var/lib/trivy image --exit-code 1 --no-progress --format table $ (echo "${DOCKER_IMAGE}:${REF}" | tr '[:upper:]' '[:lower:]')
9384 env :
9485 REF : ${{ needs.generate-ref.outputs.ref }}
95- - run : docker-compose -f .docker/security/docker-compose.yml -p clair-ci down
9686 - run : docker images
9787 - name : Login to Docker Hub
9888 if : contains(github.ref, 'dependabot') == false
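Review bot: The new scan step runs `aquasec/trivy:latest` with `/var/run/docker.sock` mounted, so whatever that mutable tag resolves to at run time gets full control of the runner's Docker daemon, in a job that goes on to log in to Docker Hub. Pin the scanner to a fixed release and digest, e.g. `aquasec/trivy:<version>@sha256:<digest>` (placeholders), and update it deliberately. The step also scans the lowercased reference while the build and tag steps above use `"${DOCKER_IMAGE}:${REF}"` as-is; tags are case-sensitive, so if `REF` can contain uppercase (the generate-ref job is not visible here) the scanned name would not be the image just built, and passing `"${DOCKER_IMAGE}:${REF}"` unchanged avoids that. With `--exit-code 1` and no `--severity` filter the job fails on a finding of any severity, which may be intended but is worth stating in a step `name:`.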