Create scan_vulnerabilies.yml

jsvd · web-flow · commit b443cb1884d3 · 2024-03-26T09:35:12.000Z
diff --git a/.github/workflows/scan_vulnerabilies.yml b/.github/workflows/scan_vulnerabilies.yml
@@ -0,0 +1,24 @@
+name: Scan for vulnerabilities
+
+on:
+  pull_request_target:
+    types: [opened, synchronize]
+  workflow_dispatch:
+
+jobs:
+  scan_image:
+    runs-on: ubuntu-latest
+    steps: 
+      - name: checkout repo content
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - run: ./gradlew clean assembleTarDistribution
+      - run: mkdir scan
+      - run: cd scan && tar -zxf ../build/logstash-*.tar.gz
+      - name: Scan image
+        uses: anchore/scan-action@v3
+        with:
+          path: "scan/*"
+          fail-build: true
+          severity-cutoff: critical
