Update Docker scan workflows to include Dockerfile path and context f…

…or vulnerability checks 🔍
0GiS0 · Dec 28, 2024 · f784ce3 · f784ce3
1 parent 665d3e1
commit f784ce3
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 0 deletions.
diff --git a/.github/workflows/docker-scans.yml b/.github/workflows/docker-scans.yml
@@ -6,6 +6,7 @@ on:
       - main
     paths-ignore:      
       - "README.md"
+      - "tests/**"
   workflow_dispatch:
 
 jobs:
@@ -14,20 +15,35 @@ jobs:
       contents: read
       security-events: write
     uses: 0GiS0/scan-docker-vulnerabilities/.github/workflows/checkov.yaml@main
+    with:
+      dockerfile_path: src/Dockerfile
+
   trivy:
     permissions:
       contents: read
       security-events: write
     uses: 0GiS0/scan-docker-vulnerabilities/.github/workflows/trivy.yaml@main
+    with:
+      dockerfile_path: src/Dockerfile
+      context: ./src  
+
   grype:
     permissions:
       contents: read
       security-events: write
     uses: 0GiS0/scan-docker-vulnerabilities/.github/workflows/grype.yaml@main
+    with:
+      dockerfile_path: src/Dockerfile
+      context: ./src
+
   snyk:
     permissions:
       contents: read
       security-events: write
     uses: 0GiS0/scan-docker-vulnerabilities/.github/workflows/snyk.yaml@main
+    with:
+      dockerfile_path: src/Dockerfile
+      context: ./src
+
     secrets:
       SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
diff --git a/.dockerignore → src/.dockerignore b/.dockerignore → src/.dockerignore