CI #33


	name: CI

	on: workflow_dispatch

	jobs:
	sast_scan:
	name: Run Bandit Scan
	runs-on: ubuntu-latest

	steps:
	- name: Checkout code
	uses: actions/checkout@v4.1.1

	- name: Set up Python
	uses: actions/setup-python@v5.0.0
	with:
	python-version: 3.8

	- name: Install Bandit
	run: pip install bandit

	- name: Run Bandit Scan
	run: bandit -ll -ii -r . -f json -o bandit-report.json


	- name: Upload artifact
	uses: actions/upload-artifact@v4.3.1
	if: always() #executa independente dos outros falhar
	with:
	name: bandit-findings
	path: bandit-report.json

	# JOB FOR BUILD IMAGE
	image_scan:
	name: Build Image and Run Image Scan
	runs-on: ubuntu-latest

	steps:
	- name: Checkout code
	uses: actions/checkout@v4.1.1

	- name: Set up Docker
	uses: docker-practice/actions-setup-docker@v1
	with:
	docker_version: '20.10.7'

	- name: Build Docker Image
	run: docker build -f Dockerfile -t myapp:latest .

	- name: Docker login
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKER_USERNAME }}
	password: ${{ secrets.DOCKER_PASS }}


	- name: Docker Scout Install
	run:
	curl -sSfL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh \| sh -s --

	- name: Docker Scout Run
	run:
	docker scout quickview

	docker scout cves

Provide feedback