GHA workflow for dockerscan #7154

macfarla · 2024-05-29T22:50:24Z

currently still running in CI
https://app.circleci.com/pipelines/github/hyperledger/besu/27763/workflows/fc96d628-5928-4bb0-ae50-b37b96b7ce57

from config.yml

  dockerScan:
    executor: trivy_executor
    steps:
      - checkout
      - restore_gradle_cache
      - setup_remote_docker:
          docker_layer_caching: true
      - run:
          name: Install trivy
          command: |
            apk add --update-cache --upgrade curl bash
            curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
      - run:
          name: Scan with trivy
          shell: /bin/sh
          command: |
            for FILE in $(ls docker)
            do
              if [[ $FILE == "test.sh" || $FILE == "tests" ]]; then
                continue
              fi
              docker pull -q "hyperledger/besu:develop-$FILE"
              trivy -q image --exit-code 1 --no-progress --severity HIGH,CRITICAL "hyperledger/besu:develop-$FILE"
            done

The text was updated successfully, but these errors were encountered:

macfarla added the devops DevOps related task label May 29, 2024

macfarla assigned cdivitotawela Jun 11, 2024

cdivitotawela mentioned this issue Jun 13, 2024

Add container security scanning #7216

Merged

8 tasks

cdivitotawela closed this as completed in #7216 Jun 13, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GHA workflow for dockerscan #7154

GHA workflow for dockerscan #7154

macfarla commented May 29, 2024

GHA workflow for dockerscan #7154

GHA workflow for dockerscan #7154

Comments

macfarla commented May 29, 2024