Anchore Container Scan #2097
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Anchore Container Scan | |
| on: | |
| schedule: | |
| # launch analysis every day on develop (shall be launch after snapshot build) | |
| - cron: '0 1 * * *' | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| jobs: | |
| Anchore-Build-Scan: | |
| permissions: | |
| contents: read # for actions/checkout to fetch code | |
| security-events: write # for github/codeql-action/upload-sarif to upload SARIF results | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout the code | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Pull docker images | |
| run: | | |
| docker pull lfeoperatorfabric/of-cards-consultation-service:SNAPSHOT | |
| docker pull lfeoperatorfabric/of-cards-publication-service:SNAPSHOT | |
| docker pull lfeoperatorfabric/of-users-service:SNAPSHOT | |
| docker pull lfeoperatorfabric/of-businessconfig-service:SNAPSHOT | |
| docker pull lfeoperatorfabric/of-external-devices-service:SNAPSHOT | |
| docker pull lfeoperatorfabric/of-cards-external-diffusion-service:SNAPSHOT | |
| docker pull lfeoperatorfabric/of-cards-reminder:SNAPSHOT | |
| docker pull lfeoperatorfabric/of-supervisor:SNAPSHOT | |
| docker pull lfeoperatorfabric/of-web-ui:SNAPSHOT | |
| - name: Analyse card consultation | |
| uses: anchore/scan-action@869c549e657a088dc0441b08ce4fc0ecdac2bb65 # v5.3.0 | |
| with: | |
| image: "lfeoperatorfabric/of-cards-consultation-service:SNAPSHOT" | |
| acs-report-enable: true | |
| fail-build: false | |
| - name: Upload Anchore Scan Report for cards-consultation | |
| uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 | |
| with: | |
| sarif_file: results.sarif | |
| category: consultation | |
| - name: Analyse card publication | |
| uses: anchore/scan-action@869c549e657a088dc0441b08ce4fc0ecdac2bb65 # v5.3.0 | |
| with: | |
| image: "lfeoperatorfabric/of-cards-publication-service:SNAPSHOT" | |
| acs-report-enable: true | |
| fail-build: false | |
| - name: Upload Anchore Scan Report for cards-publication | |
| uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 | |
| with: | |
| sarif_file: results.sarif | |
| category: publication | |
| - name: Analyse users | |
| uses: anchore/scan-action@869c549e657a088dc0441b08ce4fc0ecdac2bb65 # v5.3.0 | |
| with: | |
| image: "lfeoperatorfabric/of-users-service:SNAPSHOT" | |
| acs-report-enable: true | |
| fail-build: false | |
| - name: Upload Anchore Scan Report for users | |
| uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 | |
| with: | |
| sarif_file: results.sarif | |
| category: users | |
| - name: Analyse businessConfig | |
| uses: anchore/scan-action@869c549e657a088dc0441b08ce4fc0ecdac2bb65 # v5.3.0 | |
| with: | |
| image: "lfeoperatorfabric/of-businessconfig-service:SNAPSHOT" | |
| acs-report-enable: true | |
| fail-build: false | |
| - name: Upload Anchore Scan Report for businessConfig | |
| uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 | |
| with: | |
| sarif_file: results.sarif | |
| category: businessconfig | |
| - name: Analyse external-devices | |
| uses: anchore/scan-action@869c549e657a088dc0441b08ce4fc0ecdac2bb65 # v5.3.0 | |
| with: | |
| image: "lfeoperatorfabric/of-external-devices-service:SNAPSHOT" | |
| acs-report-enable: true | |
| fail-build: false | |
| - name: Upload Anchore Scan Report for external devices | |
| uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 | |
| with: | |
| sarif_file: results.sarif | |
| category: external-devices | |
| - name: Analyse web-ui | |
| uses: anchore/scan-action@869c549e657a088dc0441b08ce4fc0ecdac2bb65 # v5.3.0 | |
| with: | |
| image: "lfeoperatorfabric/of-web-ui:SNAPSHOT" | |
| acs-report-enable: true | |
| fail-build: false | |
| - name: Upload Anchore Scan Report for web-ui | |
| uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 | |
| with: | |
| sarif_file: results.sarif | |
| category: web-ui | |
| - name: Analyse external-diffusion | |
| uses: anchore/scan-action@869c549e657a088dc0441b08ce4fc0ecdac2bb65 # v5.3.0 | |
| with: | |
| image: "lfeoperatorfabric/of-cards-external-diffusion-service:SNAPSHOT" | |
| acs-report-enable: true | |
| fail-build: false | |
| - name: Upload Anchore Scan Report for external-diffusion | |
| uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 | |
| with: | |
| sarif_file: results.sarif | |
| category: external-diffusion | |
| - name: Analyse cards reminder | |
| uses: anchore/scan-action@869c549e657a088dc0441b08ce4fc0ecdac2bb65 # v5.3.0 | |
| with: | |
| image: "lfeoperatorfabric/of-cards-reminder:SNAPSHOT" | |
| acs-report-enable: true | |
| fail-build: false | |
| - name: Upload Anchore Scan Report for cards-reminder | |
| uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 | |
| with: | |
| sarif_file: results.sarif | |
| category: cards-reminder | |
| - name: Analyse supervisor | |
| uses: anchore/scan-action@869c549e657a088dc0441b08ce4fc0ecdac2bb65 # v5.3.0 | |
| with: | |
| image: "lfeoperatorfabric/of-supervisor:SNAPSHOT" | |
| acs-report-enable: true | |
| fail-build: false | |
| - name: Upload Anchore Scan Report for supervisor | |
| uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 | |
| with: | |
| sarif_file: results.sarif | |
| category: supervisor |