Skip to content
Scan docker image

Scan docker image #1079

Sign in to view logs

Scan docker image

Scan docker image #1079

Workflow file for this run

.github/workflows/docker_image_scan.yml at 9bf28a9
name: Scan docker image
on:
schedule:
- cron: '0 7 * * *'
jobs:
scan-docker-image:
runs-on: ubuntu-latest
name: Scan docker image
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Build docker image
run: |
docker build \
--tag laa-fee-calculator:scan \
--build-arg DJANGO_SECRET_KEY=real-secret-not-needed-here \
--file Dockerfile .
- name: Scan docker image using snyk
id: image-scan
uses: snyk/actions/docker@master
continue-on-error: true
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
image: laa-fee-calculator:scan
args: --file=Dockerfile
- name: Monitor docker image using snyk
id: image-monitor
uses: snyk/actions/docker@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
command: monitor
image: laa-fee-calculator:scan
args: --file=Dockerfile
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: snyk.sarif
- name: Slack notify failure
if: ${{ steps.image-scan.outcome == 'failure' }}
uses: rtCamp/action-slack-notify@v2
env:
SLACK_USERNAME: Snyk docker image scan
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
SLACK_CHANNEL: laa-cccd-alerts
SLACK_ICON_EMOJI: ':snyk:'
SLACK_COLOR: ${{ steps.image-scan.outcome }}
SLACK_TITLE: Scanned ${{ github.repository }}
SLACK_MESSAGE: docker scan detected vulnerabilites! @laa-claim-for-payment-devs
SLACK_LINK_NAMES: true
SLACK_FOOTER:
- name: Slack notify success
if: ${{ steps.image-scan.outcome == 'success' }}
uses: rtCamp/action-slack-notify@v2
env:
SLACK_USERNAME: Snyk docker image scan
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
SLACK_CHANNEL: laa-fee-calculator-development
SLACK_ICON_EMOJI: ':snyk:'
SLACK_COLOR: ${{ steps.image-scan.outcome }}
SLACK_TITLE: Scanned ${{ github.repository }}
SLACK_MESSAGE: docker scan found no vulnerabilites!
SLACK_FOOTER: