Skip to content

Daily Pull and Vulnerability Scan #29

Daily Pull and Vulnerability Scan

Daily Pull and Vulnerability Scan #29

Workflow file for this run

name: Daily Pull and Vulnerability Scan
on:
schedule:
- cron: "0 0 * * *" # Runs daily at midnight UTC
workflow_dispatch: # Allows manual trigger
jobs:
pull-and-scan:
runs-on: ubuntu-latest
steps:
- name: Log in to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.THE_DOCKER_USER }}
password: ${{ secrets.THE_DOCKER_PASS }}
- name: Pull Docker image
run: |
IMAGE_NAME="jasonculligan/nmap-in-alpine:latest"
docker pull $IMAGE_NAME
env:
IMAGE_NAME: jasonculligan/nmap-in-alpine:latest
- name: Scan Docker image with Trivy
id: scan_image
continue-on-error: true
uses: aquasecurity/trivy-action@master
with:
#image-ref: ${{ env.IMAGE_NAME }}
image-ref: jasonculligan/nmap-in-alpine:latest
format: "table"
exit-code: '123'
severity: 'CRITICAL,HIGH'
- name: Check if vulnerabilities are found
id: check_scan
run: |
if [[ "${{ steps.scan_image.outcome }}" == "failure" ]]; then
echo "Vulnerabilities found!"
echo "needs_rebuild=true" >> $GITHUB_ENV
else
echo "No vulnerabilities found."
echo "needs_rebuild=false" >> $GITHUB_ENV
fi
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build and push Docker image
if: env.needs_rebuild == 'true'
id: push
uses: docker/build-push-action@v6
with:
file: ./Dockerfile
push: true
tags: jasonculligan/nmap-in-alpine:latest