[mod] add a nightly check of the docker images using Trivy

Alexandre Flament 2022-01-29 14:22:16 +01:00
parent c7b3f004eb
commit f361945cf1

27
.github/workflows/security.yml vendored Normal file

@ -0,0 +1,27 @@
name: "Security checks"
on:
schedule:
- cron: "05 06 * * *"
workflow_dispatch:
jobs:
dockers:
name: Trivy ${{ matrix.image }}
runs-on: ubuntu-20.04
strategy:
fail-fast: false
matrix:
image: ["searxng/searxng", "dalf/filtron", "dalf/morty"]
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: '${{ matrix.image }}:latest'
format: 'table'
exit-code: '1'
ignore-unfixed: false
vuln-type: 'os,library'
severity: 'UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL'
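Review bot: The scanner step uses `aquasecurity/trivy-action@master`, a mutable branch ref, so every nightly run executes whatever code that branch holds at the time, with no review on this repository's side. Pinning it to a reviewed full commit SHA, for example `uses: aquasecurity/trivy-action@<full-commit-sha>  # <release tag>`, makes the run reproducible; `actions/checkout@v2` is also a movable tag and could be pinned the same way. The workflow declares no `permissions:` key, so the job's token gets the repository or organisation default, which may include write access. Adding a top-level `permissions:` with `contents: read` limits it to what an image scan needs. The Checkout step does not appear to be needed, since the scan targets a registry image through `image-ref` rather than files in the working tree.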