From a7c9e4c081b321e0e9d00f2867085e8b6dbda417 Mon Sep 17 00:00:00 2001 From: mjanez <96422458+mjanez@users.noreply.github.com> Date: Thu, 14 Sep 2023 14:11:31 +0200 Subject: [PATCH] Remove snyk and use docker lint --- .github/workflows/docker-dev.yaml | 31 +------------------------------ .github/workflows/docker.yaml | 29 ++++++++--------------------- 2 files changed, 9 insertions(+), 51 deletions(-) diff --git a/.github/workflows/docker-dev.yaml b/.github/workflows/docker-dev.yaml index 3026873..6d49cbc 100644 --- a/.github/workflows/docker-dev.yaml +++ b/.github/workflows/docker-dev.yaml @@ -53,33 +53,4 @@ jobs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} context: ${{ env.CONTEXT }} - file: ${{ env.CONTEXT }}${{ env.DOCKERFILE_PATH }}/${{ env.DOCKERFILE }} - - scan_docker_image: - permissions: write-all - runs-on: ubuntu-latest - needs: [ docker ] - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Log in to the Container registry - uses: docker/login-action@v3 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Scan Docker image - uses: snyk/actions/docker@master - continue-on-error: true - with: - image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - args: --file=Dockerfile --severity-threshold=high --sarif-file-output=snyk.sarif - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - - - name: Upload Snyk report as sarif - uses: github/codeql-action/upload-sarif@v2 - with: - sarif_file: snyk.sarif + file: ${{ env.CONTEXT }}${{ env.DOCKERFILE_PATH }}/${{ env.DOCKERFILE }} \ No newline at end of file diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index a916250..5668f8c 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml @@ -60,26 +60,13 @@ jobs: runs-on: ubuntu-latest needs: [ docker ] steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Log in to the Container registry - uses: docker/login-action@v3 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Scan Docker image - uses: snyk/actions/docker@master + - name: Scan & lint image + uses: ISID/build-and-scan-image@v0.4.2 continue-on-error: true with: - image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - args: --file=Dockerfile --severity-threshold=high --sarif-file-output=snyk.sarif - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - - - name: Upload Snyk report as sarif - uses: github/codeql-action/upload-sarif@v2 - with: - sarif_file: snyk.sarif \ No newline at end of file + tag: ${{ env.IMAGE_NAME }} + path: ${{ env.CONTEXT }}${{ env.DOCKERFILE_PATH }} + dockerfile: ${{ env.DOCKERFILE }} + hadolint-severity: error + dockle-severity: FATAL + trivy-severity: HIGH,CRITICAL \ No newline at end of file