Skip to content

Trivy Image Scan

Trivy Image Scan #968

Workflow file for this run

# Copyright 2022, 2024, Oracle Corporation and/or its affiliates. All rights reserved.
# Licensed under the Universal Permissive License v 1.0 as shown at
# http://oss.oracle.com/licenses/upl.
# ---------------------------------------------------------------------------
# Coherence Operator GitHub Actions Backwards Compatibility Tests.
# ---------------------------------------------------------------------------
name: Trivy Image Scan
on:
workflow_dispatch:
schedule:
- cron: '0 2 * * *'
push:
branches-ignore:
- gh-pages
- 1.0.0
- 2.x
- 3.x
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up JDK
uses: oracle-actions/setup-java@v1
with:
website: oracle.com
release: 21
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: 1.22.x
- name: Cache Go Modules
uses: actions/cache@v4
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-mods-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-mods-
- name: Cache Maven packages
uses: actions/cache@v4
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
- name: Setup oras
uses: ./.github/actions/setup-oras-1.2.1
- name: Get current date
id: date
run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT
- name: Download and extract the vulnerability DB
run: |
mkdir -p $GITHUB_WORKSPACE/.cache/trivy/db
oras pull ghcr.io/aquasecurity/trivy-db:2
tar -xzf db.tar.gz -C $GITHUB_WORKSPACE/.cache/trivy/db
rm db.tar.gz
- name: Download and extract the Java DB
run: |
mkdir -p $GITHUB_WORKSPACE/.cache/trivy/java-db
oras pull ghcr.io/aquasecurity/trivy-java-db:1
tar -xzf javadb.tar.gz -C $GITHUB_WORKSPACE/.cache/trivy/java-db
rm javadb.tar.gz
- name: Edit DNS Resolve
shell: bash
run: |
sudo chown -R runner:runner /run/systemd/resolve/stub-resolv.conf
sudo echo nameserver 8.8.8.8 > /run/systemd/resolve/stub-resolv.conf
- name: Image Scan
shell: bash
run: |
echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin
export TRIVY_CACHE=$GITHUB_WORKSPACE/.cache/trivy
make trivy-scan