[No ticket] Scan test docker image with trivy

broadinstitute · Aug 12, 2020 · 3ed683b · 3ed683b
1 parent 03f092c
commit 3ed683b
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/docker/build.sh b/docker/build.sh
@@ -131,6 +131,10 @@ function docker_cmd()
         echo "building ${DOCKERHUB_TESTS_REGISTRY}:${HASH_TAG}..."
         cd automation
         docker build -f Dockerfile-tests -t $DOCKERHUB_TESTS_REGISTRY:${HASH_TAG} .
+
+        echo "scanning test docker image..."
+        docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v "$HOME"/Library/Caches:/root/.cache/ aquasec/trivy --exit-code 1 --severity CRITICAL "$DOCKERHUB_TESTS_REGISTRY":"${HASH_TAG}"
+
         cd ..
 
         if [ $DOCKER_CMD="push" ]; then