feat: adding Dockle Container Linter (#1852)

ory · Oct 19, 2021 · 3c0d519 · 3c0d519
1 parent 77677f6
commit 3c0d519
Showing 1 changed file with 12 additions and 4 deletions.
diff --git a/.github/workflows/cve-scan.yaml b/.github/workflows/cve-scan.yaml
@@ -1,4 +1,4 @@
-name: Docker Image Scan
+name: Docker Image Scanners
 on:
   push:
     branches:
@@ -10,7 +10,7 @@ on:
       - 'master'
 
 jobs:
-  docker:
+  scanners:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -23,18 +23,26 @@ jobs:
         shell: bash
         run: |
           make docker
-      - name: Scan image
+      - name: Anchore Scanner
         uses: anchore/scan-action@v3
         with:
           image: oryd/kratos:latest-sqlite
           fail-build: true
           severity-cutoff: high
-      - name: Security Scan Image
+      - name: Trivy Scanner
         uses: aquasecurity/trivy-action@master
+        if: ${{ always() }}
         with:
           image-ref: oryd/kratos:latest-sqlite
           format: 'table'
           exit-code: '42'
           ignore-unfixed: true
           vuln-type: 'os,library'
           severity: 'CRITICAL,HIGH'
+      - name: Dockle Linter
+        uses: erzz/dockle-action@v1.1.1
+        if: ${{ always() }}
+        with:
+          image: oryd/kratos:latest-sqlite
+          exit-code: 42
+          failure-threshold: fatal