Skip to content
/ build-and-scan-image Public

Build and scan Dockerfile and container image

License

MIT license
3 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

dentsusoken/build-and-scan-image

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace
BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

147 Commits

.github

.github

 
 

docs

docs

 
 

testdata

testdata

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

action.yaml

action.yaml

 
 

renovate.json

renovate.json

 
 

Repository files navigation

Build and Scan Image

test workflow

Build and scan Dockerfile and container image by following tools.

Notes

Experimental

This repository is experimental. Some options or behavior may be changed without announcement.

Use in Dentsu Soken project

If you use this repository in Dentsu Soken project, please read dentsusoken/build-and-scan-image-internal too. It can be accessed by only Dentsu Soken members.

Usage

Basic

- name: Build and scan image
  uses: dentsusoken/build-and-scan-image@main
  with:
    tag: "YOUR_IMAGE_NAME:TAG"  # Image name and optionally tag in "name:tag" format
    path: "."  # Path to base directory to run `docker build` command

All options

See action.yaml .

- name: Build and scan image
  uses: dentsusoken/build-and-scan-image@main
  with:
    # Image name and optionally tag in "name:tag" format
    tag: "YOUR_IMAGE_NAME:TAG"

    # Path to base directory to run `docker build` command (default ".")
    path: "."

    # Path to Dockerfile, which is relative path from "path" parameter (default "Dockerfile")
    dockerfile: Dockerfile

    # Enable scanning Dockerfile by hadolint (default "true")
    hadolint-enable: "true"

    # Hadolint version.
    hadolint-version: "2.8.0"

    # Fail step if rules with a severity above this level are violated (default "info")
    # Acceptable value is one of (error|warning|info|style|ignore|none)
    hadolint-severity: info

    # Enable scanning image by dockle (default "true")
    dockle-enable: "true"

    # Dockle version.
    dockle-version: "0.4.3"

    # Fail step if checkpoints with a severity above this level are violated (default "WARN")
    # Acceptable value is one of (INFO|WARN|FATAL)
    dockle-severity: WARN

    # Enable scanning image by trivy (default "true")
    trivy-enable: "true"

    # Trivy version.
    trivy-version: "0.23.0"

    # Fail step if image has vulnerabilities with a severity same as this level
    # (default "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL")
    # Acceptable value is comma-separated list of (UNKNOWN|LOW|MEDIUM|HIGH|CRITICAL)
    trivy-severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL

    # Vulnerability types which trivy detect to (default "os,library")
    # Acceptable value is comma-separated list of (os|library)
    trivy-vuln-type: os,library

    # Ignore unfixed vulnerabilities (default "false")
    trivy-ignore-unfixed: "false"

    # Enable scanning image by snyk (default "false")
    # If enabled, "snyk-token" must be also set.
    snyk-enable: "false"

    # Snyk CLI version.
    snyk-version: "1.848.0"

    # Snyk API Token (default "")
    # This is necessary if "snyk-enable" is "true".
    snyk-token: ""

    # Fail step if image has vulnerabilities with a severity above this level (default "low")
    # Acceptable value is one of (low|medium|high|critical)
    snyk-severity: low

    # Exclude base image vulnerabilities (default "false")
    snyk-exclude-base-image-vulns: "false"

FAQ

See FAQ.

About

Build and scan Dockerfile and container image

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

3 stars

Watchers

2 watching

Forks

2 forks
Report repository

Releases 13

v0.4.2 Latest
Sep 4, 2023
+ 12 releases

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •