[WIP] action: add trivy ci for image vulnerability scan #390
base: main
Signed-off-by: Yan Song <[email protected]>
Codecov Report
Patch coverage has no change and project coverage change:
Additional details and impacted files
@@ Coverage Diff @@
## main #390 +/- ##
==========================================
- Coverage 28.08% 28.01% -0.08%
==========================================
Files 40 40
Lines 4084 4084
==========================================
- Hits 1147 1144 -3
- Misses 2798 2801 +3
Partials 139 139
@@ -0,0 +1,20 @@ | |||
name: CI |
Should rename the action name. Something like scan vulnerability?
sudo dpkg -i trivy_0.38.0_Linux-64bit.deb | ||
- name: Scan Image | ||
run: | | ||
trivy image --timeout 60m ghcr.io/containerd/nydus-snapshotter:latest |
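Review bot: the `trivy image` command in the Scan Image step passes no `--exit-code`, so Trivy exits 0 even when it reports vulnerabilities and the job stays green whatever it finds. Consider adding `--exit-code 1` together with `--severity HIGH,CRITICAL` (and `--ignore-unfixed` if findings without a fix would otherwise keep the job permanently red), so the step fails only on findings the project intends to act on. The target is also the published `ghcr.io/containerd/nydus-snapshotter:latest` tag rather than an image built from the commit under test, so the result describes whatever was last pushed to the registry and not this change, and a mutable `latest` tag makes two runs hard to compare. The `dpkg -i trivy_0.38.0_Linux-64bit.deb` line pins the scanner version, which is good; checking the package checksum before installing it would complete that.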
How is the image hcr.io/containerd/nydus-snapshotter:latest built and uploaded?
push: | ||
branches: ["*"] | ||
pull_request: | ||
branches: [main] |
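Review bot: `branches: ["*"]` under `push` combined with `pull_request` on `main` runs the scan twice for any PR opened from a branch in this repository, and since the scan target is a published image tag rather than the checked-out code, each of those runs returns the same result regardless of what was pushed. The `*` pattern also does not match `/` in a branch filter, so branches such as `feature/x` are silently skipped (`**` would match them). A `schedule` trigger with a cron expression, plus `workflow_dispatch` for manual runs, fits a registry-image scan better and also picks up newly published CVEs against an image that has not changed.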
I suppose we don't have to check it on events push and pull_request, a cron job should be ok
No description provided.