Skip to content

support for split model files, restructured to allow import by other projects, improved command line syntax by use of cobra, and more... #58

support for split model files, restructured to allow import by other projects, improved command line syntax by use of cobra, and more...

support for split model files, restructured to allow import by other projects, improved command line syntax by use of cobra, and more... #58

# This workflow checks out code, performs an Anchore container image
# vulnerability and compliance scan, and integrates the results with
# GitHub Advanced Security code scanning feature. For more information on
# the Anchore scan action usage and parameters, see
# https://github.com/anchore/scan-action. For more information on
# Anchore container image scanning in general, see
# https://docs.anchore.com.
name: Anchore Container Scan
on:
push:
branches: [master]
pull_request:
# The branches below must be a subset of the branches above
branches: [master]
schedule:
- cron: '0 0 1 * *'
jobs:
Anchore-Build-Scan:
runs-on: ubuntu-latest
steps:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build the Docker image
uses: docker/build-push-action@v5
with:
tags: localbuild/threagile:latest
file: Dockerfile.local
push: false
load: true
- name: Scan image
uses: anchore/scan-action@v3
with:
image: "localbuild/threagile:latest"
fail-build: false
- name: Upload Anchore Scan Report
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: results.sarif