Secure-Compliance-Solutions-LLC / GVM-Docker

Greenbone Vulnerability Management Docker Image with OpenVAS
https://securecompliance.gitbook.io/projects/
MIT License

Adding Phonito Security Docker Vulnerability Scan To Workflow #241

Closed austinsonger closed 3 years ago

austinsonger commented 3 years ago

I want to include this in the workflow. I've already added the token to the secrets. I just didn't want to go messing with the current workflow that you built.

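name: Build & Scan Docker Image
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1

      # Derive the image tag from the ref name and commit SHA.
      # Written to $GITHUB_OUTPUT; the ::set-output command is deprecated.
      - name: Set tag var
        id: vars
        run: echo "docker_tag=$(echo "${GITHUB_REF}" | cut -d'/' -f3)-${GITHUB_SHA}" >> "$GITHUB_OUTPUT"

      - name: Build the Docker image
        run: docker build . --file Dockerfile --tag myapp:${{ steps.vars.outputs.docker_tag }}

      # The scanner reads its token from the repository secret PHONITO_TOKEN.
      # Note: @master is a mutable ref, so the code that receives the token can change between runs.
      - name: Scan with Phonito Security
        uses: phonito/phonito-scanner-action@master
        with:
          image: myapp:${{ steps.vars.outputs.docker_tag }}
          phonito-token: '${{ secrets.PHONITO_TOKEN }}'

Dexus commented 3 years ago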

added via 5ce5e84 in dev

Dexus commented 3 years ago

@austinsonger it's broken if I'm not mistaken.

Instead I would like to use: https://github.com/Secure-Compliance-Solutions-LLC/GVM-Docker/issues/252