Merge pull request #10 from searxng/trivy

[mod] add a nightly check of the docker images using Trivy
Alexandre Flament 2022-01-29 14:24:01 +01:00 committed by GitHub
commit 69590065df
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

27
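--- /dev/null
+++ b/.github/workflows/security.yml
@@ -0,0 +1,27 @@
+name: "Security checks"
+on:
+schedule:
+- cron: "05 06 * * *"
+workflow_dispatch:
+jobs:
+dockers:
+name: Trivy ${{ matrix.image }}
+runs-on: ubuntu-20.04
+strategy:
+fail-fast: false
+matrix:
+image: ["searxng/searxng", "dalf/filtron", "dalf/morty"]
+steps:
+- name: Checkout
+uses: actions/checkout@v2
+- name: Run Trivy vulnerability scanner
+uses: aquasecurity/trivy-action@master
+with:
+image-ref: '${{ matrix.image }}:latest'
+format: 'table'
+exit-code: '1'
+ignore-unfixed: false
+vuln-type: 'os,library'
+severity: 'UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL'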
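Review bot: The scanner step references `aquasecurity/trivy-action@master`, a mutable branch, so whatever is pushed there runs in this repository's scheduled job without any review here. Pin it to a full commit SHA, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha>  # <release-tag>` (both placeholders), and let an update bot bump it. The workflow also has no `permissions:` key, so the job runs with the repository's default token scope; a top-level `permissions:` mapping with `contents: read` should be enough for an image scan. The Checkout step looks unnecessary, since Trivy scans `${{ matrix.image }}:latest` pulled from the registry and nothing visible reads the working tree. With `exit-code: '1'`, `ignore-unfixed: false` and a severity list that goes down to `UNKNOWN,LOW`, the nightly run will probably fail on findings nobody can act on, so consider gating failure on `HIGH,CRITICAL` so a red run stays meaningful.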