test-scan-apk.yaml
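# Pull-request test workflow for the repository-local ./scan-apk action.
# Three jobs run the action against different inputs and print the
# resulting `vuln-count` output.
name: test-scan-apk

on: [pull_request]

# Workflow-level default for GITHUB_TOKEN; every job below narrows it
# further to no permissions at all with `permissions: {}`.
permissions:
  contents: read

jobs:
  # Scan the `ko` package without a version constraint.
  test-unpinned:
    runs-on: ubuntu-latest
    permissions: {}
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142  # v2.7.0
        with:
          # `audit` records outbound connections but does not block them;
          # it gives visibility, not enforcement.
          egress-policy: audit
      # Third-party actions are pinned to a full commit SHA; the trailing
      # comment records the release the SHA corresponds to.
      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab  # v3.5.2
      - uses: ./scan-apk
        id: scan
        with:
          package: ko
      # Pass the step output through an environment variable rather than
      # expanding ${{ }} inside the script text, so the value is treated
      # as data by the shell and never parsed as part of the command.
      - run: echo "$VULN_COUNT"
        env:
          VULN_COUNT: ${{ steps.scan.outputs.vuln-count }}

  # Scan `ko` pinned to an exact package version.
  test-pinned:
    runs-on: ubuntu-latest
    permissions: {}
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142  # v2.7.0
        with:
          egress-policy: audit
      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab  # v3.5.2
      - uses: ./scan-apk
        id: scan
        with:
          package: ko=0.13.0-r4
      - run: echo "$VULN_COUNT"
        env:
          VULN_COUNT: ${{ steps.scan.outputs.vuln-count }}

  # Scan `busybox` from the Alpine edge/main repository instead of the
  # action's default repositories.
  test-alpine:
    runs-on: ubuntu-latest
    permissions: {}
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142  # v2.7.0
        with:
          egress-policy: audit
      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab  # v3.5.2
      - uses: ./scan-apk
        id: scan
        with:
          repositories: https://dl-cdn.alpinelinux.org/alpine/edge/main
          # NOTE(review): the keyring is explicitly empty here. Confirm how
          # ./scan-apk verifies the repository index and packages when no
          # keyring is supplied, and that this is acceptable for a test job.
          keyring: ""
          package: busybox
      - run: echo "$VULN_COUNT"
        env:
          VULN_COUNT: ${{ steps.scan.outputs.vuln-count }}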