feat(security): restructure Trivy scans for improved clarity and organization
parent
12a5221b76
commit
d865454cb0
1 changed files with 43 additions and 23 deletions
66
.github/workflows/trivy_security_scans.yml
vendored
|
@ -13,35 +13,14 @@ on:
|
||||||
- cron: "0 8 * * 1" # Weekly scan on Mondays at 8 AM UTC
|
- cron: "0 8 * * 1" # Weekly scan on Mondays at 8 AM UTC
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
trivy-scan:
|
filesystem-scan:
|
||||||
name: Trivy Filesystem & Docker Image Scan
|
name: Trivy Filesystem Scan (Source Code)
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout code
|
- name: Checkout code
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v4
|
||||||
|
|
||||||
- name: Set up Docker Buildx (for consistent image builds)
|
|
||||||
uses: docker/setup-buildx-action@v3
|
|
||||||
|
|
||||||
- name: Login to GitHub Container Registry (optional, if pushing images)
|
|
||||||
uses: docker/login-action@v3
|
|
||||||
with:
|
|
||||||
registry: ghcr.io
|
|
||||||
username: ${{ github.actor }}
|
|
||||||
password: ${{ secrets.GITHUB_TOKEN }}
|
|
||||||
|
|
||||||
- name: Build Docker image
|
|
||||||
run: docker build -t adventurelog:latest .
|
|
||||||
|
|
||||||
- name: Scan Docker image with Trivy
|
|
||||||
uses: aquasecurity/trivy-action@master
|
|
||||||
with:
|
|
||||||
image-ref: adventurelog:latest
|
|
||||||
format: table
|
|
||||||
exit-code: 1
|
|
||||||
ignore-unfixed: true
|
|
||||||
|
|
||||||
- name: Scan source code (Filesystem) with Trivy
|
- name: Scan source code (Filesystem) with Trivy
|
||||||
uses: aquasecurity/trivy-action@master
|
uses: aquasecurity/trivy-action@master
|
||||||
with:
|
with:
|
||||||
|
@ -50,3 +29,44 @@ jobs:
|
||||||
format: table
|
format: table
|
||||||
exit-code: 1
|
exit-code: 1
|
||||||
ignore-unfixed: true
|
ignore-unfixed: true
|
||||||
|
|
||||||
|
image-scan:
|
||||||
|
name: Trivy Docker Image Scan (Backend & Frontend)
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: Checkout code
|
||||||
|
uses: actions/checkout@v4
|
||||||
|
|
||||||
|
- name: Set up Docker Buildx
|
||||||
|
uses: docker/setup-buildx-action@v3
|
||||||
|
|
||||||
|
# Optional login step (remove if you're not pushing images to GHCR)
|
||||||
|
- name: Login to GitHub Container Registry
|
||||||
|
uses: docker/login-action@v3
|
||||||
|
with:
|
||||||
|
registry: ghcr.io
|
||||||
|
username: ${{ github.actor }}
|
||||||
|
password: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
|
||||||
|
- name: Build backend Docker image
|
||||||
|
run: docker build -t adventurelog-backend ./backend
|
||||||
|
|
||||||
|
- name: Build frontend Docker image
|
||||||
|
run: docker build -t adventurelog-frontend ./frontend
|
||||||
|
|
||||||
|
- name: Scan backend Docker image with Trivy
|
||||||
|
uses: aquasecurity/trivy-action@master
|
||||||
|
with:
|
||||||
|
image-ref: adventurelog-backend
|
||||||
|
format: table
|
||||||
|
exit-code: 1
|
||||||
|
ignore-unfixed: true
|
||||||
|
|
||||||
|
- name: Scan frontend Docker image with Trivy
|
||||||
|
uses: aquasecurity/trivy-action@master
|
||||||
|
with:
|
||||||
|
image-ref: adventurelog-frontend
|
||||||
|
format: table
|
||||||
|
exit-code: 1
|
||||||
|
ignore-unfixed: true
|
||||||
|
|
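Review bot: Both new scan steps in `image-scan` reference `aquasecurity/trivy-action@master`, a mutable branch ref, in a job that also logs in to ghcr.io with `secrets.GITHUB_TOKEN`, so whatever is on that branch at run time executes with the job's token and registry credentials within reach. Pin the action to a reviewed commit, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha>  # <release-tag>`, and do the same for the filesystem scan step, which uses the same ref. The images are built locally and only scanned, so unless the Dockerfiles pull private base images from ghcr.io, the login step that the added comment already calls optional can be dropped; a job-level `permissions:` with `contents: read` would narrow the token further (no `permissions` key is visible in these hunks, so check whether the workflow sets one elsewhere). Separately, `exit-code: 1` on the backend scan ends the job before the frontend scan runs, so one failing image hides the other's findings unless the frontend scan step gets `if: ${{ !cancelled() }}` or the two images move into a matrix.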