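# Builds the project's image with Docker Compose and scans it with Trivy.
# The job fails when Trivy reports a vulnerability that has a fix available.
name: 🔍 Validate Docker Image with Trivy (docker-compose)

on:
  pull_request:
    branches: [master]
  push:
    branches: [master]

# Least privilege: every step here only needs to read the repository, so the
# default GITHUB_TOKEN is restricted to read-only access to contents.
permissions:
  contents: read

jobs:
  build-and-scan:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): a version tag is mutable; consider pinning this action
      # to a full commit SHA (<commit-sha>) so the workflow cannot silently
      # pick up changed action code.
      - name: 🧾 Checkout repo
        uses: actions/checkout@v3

      # NOTE(review): this installs the standalone `docker-compose` package,
      # while the build step below calls the `docker compose` plugin. Confirm
      # whether this step is still required.
      - name: 🐳 Set up Docker Compose
        run: sudo apt-get update && sudo apt-get install -y docker-compose

      # --no-cache forces every layer to be rebuilt, so the scan sees freshly
      # fetched base images and packages rather than cached layers.
      - name: 🛠️ Build image without cache
        run: docker compose build --no-cache

      - name: 🐳 List Docker images (debug)
        run: docker images

      # The scanner container is handed the host Docker socket so it can read
      # the locally built image. That socket gives the container control of
      # the runner's Docker daemon, so the scanner image itself is part of the
      # trusted supply chain.
      # NOTE(review): `aquasec/trivy:latest` is a floating tag; pin it to a
      # reviewed release or digest (aquasec/trivy@sha256:<digest>).
      # NOTE(review): the image name below is assumed to match what
      # `docker compose build` produces; the compose file is not visible here.
      - name: 🔍 Run Trivy via Docker (scan local image)
        run: |
          docker run --rm \
            -v /var/run/docker.sock:/var/run/docker.sock \
            -v "$HOME/.cache:/root/.cache/" \
            aquasec/trivy:latest \
            image --format table --exit-code 1 --ignore-unfixed \
            --severity UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL \
            python-samples-fastapi-restful:latest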