File tree Expand file tree Collapse file tree 3 files changed +62
-0
lines changed Expand file tree Collapse file tree 3 files changed +62
-0
lines changed Original file line number Diff line number Diff line change 4747 duration=$((end_time - start_time))
4848 echo "Scanning ended for image: $image at $(date)"
4949 echo "Duration for image $image: $duration seconds"
50+ echo "Removing image $image"
51+ docker image rmi -f $image
5052 done
5153name : Completed
5254 run : |
Original file line number Diff line number Diff line change 1+ name : scan-docker-images-using-trivy-dockerhubofkrishnadhas
2+ on :
3+ workflow_dispatch :
4+ inputs :
5+ docker_image_name :
6+ description : ' complete image name. eg: dockerofkrishnadhas/alpine:latest'
7+ required : true
8+ type : string
9+ default : ' dockerofkrishnadhas/alpine:latest'
10+
11+ run-name : scan-docker-image-${{ inputs.docker_image_name }}-using-trivy
12+ jobs :
13+ scan-docker-image-using-trivy-from-dockerofkrishnadhas :
14+ runs-on : ubuntu-latest
15+ steps :
16+ - name : set up docker and scan docker image for vulnerabilities
17+ uses : docker-practice/actions-setup-docker@master
18+ - run : |
19+ set -x
20+ docker version
21+ docker pull ${{inputs.docker_image_name}}
22+ start_time=$(date +%s)
23+ echo "Scanning started for image: ${{inputs.docker_image_name}} at $(date)"
24+ docker run -v /var/run/docker.sock:/var/run/docker.sock aquasec/trivy image ${{inputs.docker_image_name}}
25+ end_time=$(date +%s)
26+ duration=$((end_time - start_time))
27+ echo "Scanning ended for image: $image at $(date)"
28+ echo "Duration for image $image: $duration seconds"
29+ docker system prune -af
30+ done
31+ name : Completed
32+ run : |
33+ echo "program completed successfully"
Original file line number Diff line number Diff line change 11# trivy-to-scan-all-docker-images-on-dockerofkrishnadhas
22trivy to scan for vulnerabilities on all docker images in dockerofkrishnadhas dockerhub account
3+
4+ # How code works
5+
6+ * Uses Python language
7+ * using the api end points :
8+ * https://hub.docker.com/v2/repositories/{account_name}/ --> lists the images under specific dockerhub account.
9+ * https://hub.docker.com/v2/namespaces/{account_name}/repositories/{image}/tags --> lists image tags under a specific image
10+
11+ * Later uses github workflow to pull the image from dockerhub registry and scan using trivy.
12+
13+ ### Dependabot is in Guard
14+
15+ dependabot checks for package updates on ` weekly ` basis on ` every saturday ` at ` 9.00 ` ` Asia/kolkata timezone `
16+
17+ ```
18+ The Github workflow is set as cron set to run every week (weekly once) and can be triggered manually at any time.
19+ workflow file : scan-docker-images-using-trivy.yaml
20+ ```
21+
22+ ```
23+ The Github workflow is set as manual and can be triggered any time.
24+ workflow file : scan-specific-docker-image-using-trivy.yaml
25+ ```
26+
27+
28+ ** The dockerhub registry ` dockerofkrishnadhas ` is a public one.**
29+ *** While using private registry authentication needs to be performed.***
You can’t perform that action at this time.
0 commit comments