Scan #158

Summary
Jobs
- scan
Run details
- Usage
- Workflow file

Workflow file for this run

	name: Scan

	on:
	push:
	branches: [ master, development ]
	pull_request:
	branches: [ master, development ]
	schedule:
	- cron: '0 12 * * 1' # runs at 12:00 UTC on Mondays
	workflow_dispatch:

	jobs:

	scan:
	runs-on: ubuntu-latest

	steps:
	- name: Checkout
	uses: actions/checkout@v2

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v1

	- name: Login to DockerHub
	uses: docker/login-action@v1
	with:
	username: ${{ secrets.DOCKER_HUB_USERNAME }}
	password: ${{ secrets.DOCKER_HUB_PASSWORD }}

	- name: Set image name
	id: setimagename
	run: \|
	echo "Image name: $GITHUB_REPOSITORY:$GITHUB_SHA"
	echo "::set-output name=imagename::$GITHUB_REPOSITORY:$GITHUB_SHA"

	- name: Build the image
	id: buildimage
	uses: docker/build-push-action@v2
	with:
	context: ./
	file: ./Dockerfile
	push: false
	tags: ${{ steps.setimagename.outputs.imagename }}

	- name: Check whether container scanning should be enabled
	id: checkcontainerscanning
	env:
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
	run: \|
	echo "Enable container scanning: ${{ env.SNYK_TOKEN != '' }}"
	echo "::set-output name=enabled::${{ env.SNYK_TOKEN != '' }}"

	- name: Run Snyk to check Docker image for vulnerabilities
	uses: snyk/actions/docker@master
	if: steps.checkcontainerscanning.outputs.enabled == 'true'
	continue-on-error: true
	env:
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
	with:
	image: ${{ steps.setimagename.outputs.imagename }}
	args: --file=Dockerfile

	- name: Upload result to GitHub Code Scanning
	uses: github/codeql-action/upload-sarif@v1
	if: steps.checkcontainerscanning.outputs.enabled == 'true'
	with:
	sarif_file: snyk.sarif

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Scan #158

Workflow file

Scan #158

Jobs

Run details

Workflow file for this run