
test: use reliable upstream server (#1099) #745

test: use reliable upstream server (#1099)



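---
# Builds both Oathkeeper container images from the current commit and runs
# three independent scanners against them: Anchore/Grype (vulnerabilities,
# SARIF report), Trivy (OS + library vulnerabilities) and Dockle (image
# hygiene lint). Nothing is pushed: the images exist only inside this job.
name: Docker Image Scanners

# yamllint disable-line rule:truthy
on:
  push:
    branches:
      - "master"
    tags:
      - "v*.*.*"
  pull_request:
    branches:
      - "master"

# Scanning only needs a read-only checkout. Without this stanza the job runs
# with the repository's default token scopes, which may include write access
# this job never uses; least privilege for the GITHUB_TOKEN.
permissions:
  contents: read

jobs:
  scanners:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): every third-party action below is referenced by a mutable
      # ref (a major-version tag, or the `master` branch for Trivy). Pin each to
      # a full commit SHA with the tag in a trailing comment, so that a
      # compromised or force-pushed upstream ref cannot change what runs here.
      - name: Checkout
        uses: actions/checkout@v2

      - name: Setup Env
        id: vars
        shell: bash
        run: |
          # Expose the branch name and short commit SHA to later steps.
          # `set-output` (and the older `##[set-output ...]` form) is deprecated;
          # step outputs are written to $GITHUB_OUTPUT instead.
          echo "branch=${GITHUB_REF#refs/heads/}" >> "$GITHUB_OUTPUT"
          echo "sha_short=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v1

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1

      - name: Build images
        shell: bash
        run: |
          # An empty `oathkeeper` file stands in for the compiled binary while
          # the two images are built (presumably the Dockerfiles COPY it in —
          # confirm against Dockerfile / Dockerfile-alpine). Consequence: the
          # scanners below see the base image and whatever the Dockerfiles
          # install, not the dependencies of the real binary.
          touch oathkeeper
          DOCKER_BUILDKIT=1 docker build -t oryd/oathkeeper:${{ steps.vars.outputs.sha_short }} --build-arg=COMMIT=${{ steps.vars.outputs.sha_short }} .
          DOCKER_BUILDKIT=1 docker build -t oryd/oathkeeper:alpine-${{ steps.vars.outputs.sha_short }} --build-arg=COMMIT=${{ steps.vars.outputs.sha_short }} -f Dockerfile-alpine .
          rm oathkeeper

      # Anchore/Grype: fails the job on any finding at or above "high" and
      # writes a SARIF report (acs-report-enable) that is dumped further down.
      - name: Anchore Scanner
        uses: anchore/scan-action@v3
        id: grype-scan
        with:
          image: oryd/oathkeeper:${{ steps.vars.outputs.sha_short }}
          fail-build: true
          severity-cutoff: high
          debug: false
          acs-report-enable: true

      - name: Anchore Scanner (alpine)
        uses: anchore/scan-action@v3
        id: grype-scan-alpine
        with:
          image: oryd/oathkeeper:alpine-${{ steps.vars.outputs.sha_short }}
          fail-build: true
          severity-cutoff: high
          debug: false
          acs-report-enable: true

      # Print the raw Grype findings into a collapsible log group so a failed
      # run shows *what* was flagged. `always()` so this runs after a failing
      # scan as well (which is exactly when the output is wanted).
      - name: Inspect action SARIF report
        shell: bash
        if: ${{ always() }}
        run: |
          echo "::group::Anchore Scan Details"
          jq '.runs[0].results' ${{ steps.grype-scan.outputs.sarif }}
          jq '.runs[0].results' ${{ steps.grype-scan-alpine.outputs.sarif }}
          echo "::endgroup::"

      # Trivy: CRITICAL/HIGH only, any finding makes the step exit 42 (fails).
      # `ignore-unfixed: true` deliberately hides findings with no upstream fix
      # available; that keeps the gate actionable but means known, unfixable
      # CVEs in the base image are NOT surfaced here — revisit if that matters.
      # `always()` keeps the remaining scanners running after an earlier one
      # fails so one run reports everything; it also means they run (and fail
      # on a missing image) if the build step itself failed.
      - name: Trivy Scanner
        uses: aquasecurity/trivy-action@master
        if: ${{ always() }}
        with:
          image-ref: oryd/oathkeeper:${{ steps.vars.outputs.sha_short }}
          format: "table"
          exit-code: "42"
          ignore-unfixed: true
          vuln-type: "os,library"
          severity: "CRITICAL,HIGH"

      - name: Trivy Scanner (alpine)
        uses: aquasecurity/trivy-action@master
        if: ${{ always() }}
        with:
          image-ref: oryd/oathkeeper:alpine-${{ steps.vars.outputs.sha_short }}
          format: "table"
          exit-code: "42"
          ignore-unfixed: true
          vuln-type: "os,library"
          severity: "CRITICAL,HIGH"

      # Dockle: image best-practice lint (e.g. running as root, leaked
      # credentials in layers); only FATAL-level findings fail the step.
      # Both images are linted so the alpine variant gets the same gate as the
      # default one — previously only the default image was checked.
      - name: Dockle Linter
        uses: erzz/dockle-action@v1.3.2
        if: ${{ always() }}
        with:
          image: oryd/oathkeeper:${{ steps.vars.outputs.sha_short }}
          exit-code: 42
          failure-threshold: fatal

      - name: Dockle Linter (alpine)
        uses: erzz/dockle-action@v1.3.2
        if: ${{ always() }}
        with:
          image: oryd/oathkeeper:alpine-${{ steps.vars.outputs.sha_short }}
          exit-code: 42
          failure-threshold: fatal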