From fd37b2635be32ee137467f304d94aab98e3e8784 Mon Sep 17 00:00:00 2001
From: Bartosz Zurkowski
Date: Sun, 11 Sep 2022 17:15:09 +0200
Subject: [PATCH] Add Docker image scan

Signed-off-by: Bartosz Zurkowski
---
 .github/workflows/integrate.yaml | 5 ++++-
 Makefile | 8 +++++++-
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/integrate.yaml b/.github/workflows/integrate.yaml
index a95b74a..068eb02 100644
--- a/.github/workflows/integrate.yaml
+++ b/.github/workflows/integrate.yaml
@@ -67,10 +67,13 @@ jobs:
 - name: Check coverage
 run: make coverage
- test-build:
+ test-docker:
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v3
 - name: Build Docker image
 run: make docker-build
+
+ - name: Scan Docker image for vulnerabilities
+ run: make docker-scan
diff --git a/Makefile b/Makefile
index f9842a9..f701ff1 100644
--- a/Makefile
+++ b/Makefile
@@ -1,3 +1,5 @@
+IMAGE ?= openrca/orca
+
 .PHONY: format
 format:
 @tox -e test-tools -- black .
@@ -20,4 +22,8 @@ coverage:
 .PHONY: docker-build
 docker-build:
- @docker build . -f Dockerfile -t openrca/orca
+ @docker build . -f Dockerfile -t $(IMAGE)
+
+.PHONY: docker-scan
+docker-scan:
+ @docker scan --accept-license --file Dockerfile --dependency-tree $(IMAGE)
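Review bot: The new `Scan Docker image for vulnerabilities` step runs with no authentication configured. `docker scan` is backed by Snyk and, as far as I know, needs a Docker Hub login or a Snyk token when run non-interactively; nothing visible in `test-docker` provides one, so the step may fail or hit the anonymous scan limit instead of reporting findings. Consider a preceding step such as `run: docker scan --login --token "$SNYK_TOKEN"` with `env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}` (the secret name is a placeholder), and decide how the job should behave on pull requests from forks, where repository secrets are not available. It is also worth confirming that the `docker scan` plugin is present on `ubuntu-latest`, since the workflow does not install it.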
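Review bot: The `docker-scan` target has no prerequisite on `docker-build`, so running `make docker-scan` on its own scans whatever `$(IMAGE)` currently resolves to locally, which may be a stale image rather than the one built from this tree; declaring it as `docker-scan: docker-build` would tie the result to the current Dockerfile. The recipe also sets no severity threshold, so any finding, including low-severity ones inherited from the base image, presumably fails the CI job; `--severity high` (or whichever level the project intends to gate on) makes the policy explicit. Since `IMAGE ?=` accepts an override from the environment, I would quote the expansion in both recipes, for example `@docker scan --accept-license --severity high --file Dockerfile --dependency-tree "$(IMAGE)"`.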