2024-10-17 12:52:34 +02:00
|
|
|
name: Docker-Analyze
|
|
|
|
|
|
|
|
on:
|
2024-11-01 09:15:46 +01:00
|
|
|
schedule:
|
|
|
|
- cron: "0 0 * * *" # Daily at midnight UTC
|
2024-10-17 12:52:34 +02:00
|
|
|
workflow_dispatch:
|
|
|
|
inputs:
|
|
|
|
trigger-build:
|
|
|
|
description: 'Trigger a manual build and push'
|
|
|
|
default: 'true'
|
|
|
|
|
|
|
|
env:
|
2024-10-24 10:48:14 +02:00
|
|
|
DOCKER_IMAGE: donaldzou/wgdashboard
|
2024-10-17 12:52:34 +02:00
|
|
|
|
|
|
|
jobs:
|
|
|
|
docker_analyze:
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
strategy:
|
|
|
|
fail-fast: false
|
|
|
|
steps:
|
|
|
|
- name: Checkout repository
|
|
|
|
uses: actions/checkout@v4
|
|
|
|
|
|
|
|
- name: Log in to Docker Hub
|
|
|
|
uses: docker/login-action@v3
|
|
|
|
with:
|
|
|
|
username: ${{ secrets.DOCKER_HUB_USERNAME }}
|
|
|
|
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
|
|
|
|
|
|
|
|
- name: Install Docker Scout
|
|
|
|
run: |
|
|
|
|
echo "Installing Docker Scout..."
|
|
|
|
curl -fsSL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s --
|
|
|
|
echo "Docker Scout installed successfully."
|
|
|
|
- name: Analyze Docker image with Docker Scout
|
|
|
|
id: analyze-image
|
|
|
|
run: |
|
|
|
|
echo "Analyzing Docker image with Docker Scout..."
|
|
|
|
docker scout cves ${{ env.DOCKER_IMAGE }}:latest > scout-results.txt
|
|
|
|
cat scout-results.txt
|
|
|
|
echo "Docker Scout analysis completed."
|
|
|
|
- name: Fail if critical CVEs are found
|
|
|
|
run: |
|
2024-10-21 12:07:33 +02:00
|
|
|
if grep -q "0C" scout-results.txt; then
|
|
|
|
echo "No critical vulnerabilities found! Continueing."
|
|
|
|
exit 0
|
|
|
|
else
|
|
|
|
echo "At least one critical vulnerabilities found! Exiting."
|
2024-10-17 12:52:34 +02:00
|
|
|
exit 1
|
|
|
|
fi
|