Make docker images scanner more flexible (#402)

dnestoro · web-flow · commit e77b0f9810dc · 2023-10-27T14:15:24.000+02:00
* Make docker images scanner weekly and triggered on allowed images update

* Fix syntax error

* Add skip job so we can set scan images job as required
diff --git a/.github/workflows/scan-docker-images-skip.yml b/.github/workflows/scan-docker-images-skip.yml
@@ -2,9 +2,8 @@ name: "Scan docker images from the allowed docker images list"
 
 on:
   pull_request:
-    paths:
-      - '**.md'
-      - 'library-and-framework-list*.json'
+    paths-ignore:
+      - 'tests/tck-build-logic/src/main/resources/allowed-docker-images'
 
 jobs:
   build:
diff --git a/.github/workflows/scan-docker-images.yml b/.github/workflows/scan-docker-images.yml
@@ -1,10 +1,13 @@
 name: "Scan docker images from the allowed docker images list"
 
 on:
+  # we should run this job if somebody wants to add/update allowed docker images
   pull_request:
-    paths-ignore:
-      - '**.md'
-      - 'library-and-framework-list*.json'
+    paths:
+      - 'tests/tck-build-logic/src/main/resources/allowed-docker-images'
+  # we should run this job once a week to check if new vulnerabilities are found in existing images
+  schedule:
+    - cron: "0 0 * * 6"
 
 jobs:
   scan-images:
