ponysearch-docker/.github/workflows/security.yml

27 lines
681 B
YAML

name: "Security checks"
on:
schedule:
- cron: "05 06 * * *"
workflow_dispatch:
jobs:
dockers:
name: Trivy ${{ matrix.image }}
runs-on: ubuntu-20.04
strategy:
fail-fast: false
matrix:
image: ["searxng/searxng", "dalf/filtron", "dalf/morty"]
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: '${{ matrix.image }}:latest'
format: 'table'
exit-code: '1'
ignore-unfixed: false
vuln-type: 'os,library'
severity: 'UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL'