-
Notifications
You must be signed in to change notification settings - Fork 11
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update dev-email-worker.yml file by adding trivy scan #429
Conversation
@@ -11,25 +11,77 @@ on: | |||
branches: | |||
- main | |||
|
|||
jobs: | |||
jobs: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
remove whitespace - consider installing "Fix Irregular Whitespace" plugin for you vscode.
unit-test: | ||
uses: SierraSystems/reusable-workflows/.github/workflows/java-unit-tests.yml@main | ||
with: | ||
working_directory: "src" | ||
profile: dps-email-worker | ||
secrets: | ||
nexus_url: ${{ secrets.NEXUS_URL }} | ||
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
remove whitespace
docker build -t dev-email-worker:${{ github.sha }} . | ||
|
||
#Run Vulnerability Scan usinig Trivy scanner | ||
- name: Run Trivy vulnerability scanner for jag-icon2-common-application |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this project is DPS
COMPOSE_DOCKER_CLI_BUILD: 1 | ||
DOCKER_BUILDKIT: 1 | ||
run: | | ||
docker build -t dev-email-worker:${{ github.sha }} . |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't see a problem with using the sha, but why are you using the sha rather than just a tag? Are you planning on using a cache in the near future?
app-version job has been modified and build-image job has been replaced with build-scan-image job which includes 2 more steps for trivy scan and uploading results to the Github security tab.