2 files changed +19 -0 lines changed
2525 with :
2626 node-version : " 20"
2727
28+ - name : Install Trivy
29+ run : |
30+ sudo apt-get update
31+ sudo apt-get install -y wget apt-transport-https gnupg lsb-release
32+ wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo gpg --dearmor -o /usr/share/keyrings/trivy-archive-keyring.gpg
33+ echo "deb [signed-by=/usr/share/keyrings/trivy-archive-keyring.gpg] https://aquasecurity.github.io/trivy-repo/deb stable main" | sudo tee /etc/apt/sources.list.d/trivy.list
34+ sudo apt-get update
35+ sudo apt-get install -y trivy
36+
2837 - name : Sync Python dependencies
2938 run : uv sync --frozen
3039
3342
3443 - name : Run test coverage
3544 run : make coverage
45+
46+ - name : Scan Docker images
47+ run : make scan-images
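Review bot: The Install Trivy step installs whatever `trivy` version the apt repository serves at run time, and it trusts a signing key downloaded in the same step from the same host. The scanner that gates this pipeline can therefore change between runs with no change in this repository. Pinning the package, e.g. `sudo apt-get install -y trivy=<PINNED_VERSION>` (placeholder), and comparing the downloaded key's fingerprint with a value kept in the repository before writing the keyring would make the tool version reviewable. `lsb-release` is installed but unused in the visible lines, since the sources entry hardcodes `stable`; either drop the package or confirm that `stable` is the intended suite.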
@@ -35,3 +35,10 @@ audit:
3535
3636coverage :
3737 uv run --with pytest-cov pytest --cov=src --cov-report=term-missing --cov-fail-under=85
38+
39+ scan-images :
40+ docker build -t nimbus-control-plane:ci .
41+ trivy image --exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed --no-progress nimbus-control-plane:ci
42+ docker build -t nimbus-ai-runner:ci containers/ai-eval-runner
43+ trivy image --exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed --no-progress nimbus-ai-runner:ci
44+ docker image rm -f nimbus-control-plane:ci nimbus-ai-runner:ci > /dev/null 2>&1 || true
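Review bot: Both `trivy image` lines in `scan-images` pass `--ignore-unfixed`, so a HIGH or CRITICAL vulnerability with no upstream fix neither fails the gate nor appears in the scan output. If that is the intended policy, state it above the target, e.g. `# Gate: fails on HIGH/CRITICAL findings that have a fix; unfixed findings are not reported`. Alternatively, add a non-blocking report run without `--ignore-unfixed` and with `--exit-code 0` so those findings stay visible. The final `docker image rm` line is reached only when both scans pass, because make stops at the first failing recipe line. A failed scan therefore leaves the `:ci` images behind, which matters more for local runs than on a throwaway runner.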