CVE Scan #904

Workflow file for this run

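# Nightly vulnerability scan of the published Kroki container images.
# Each matrix entry pulls docker.io/yuzutech/<image>:<tag> and runs Trivy
# against it, reporting CRITICAL and HIGH findings in the job log.
name: "CVE Scan"
on:
  schedule:
    # Every day at 00:00 (GitHub evaluates cron schedules in UTC).
    - cron: '0 0 * * *'
  # Also allow a manual run from the Actions tab.
  workflow_dispatch: {}

# Least privilege: the only step pulls a public image and scans it, so the
# GITHUB_TOKEN handed to the third-party action is restricted to read-only
# instead of inheriting the repository default.
permissions:
  contents: read

jobs:
  scan-images:
    name: Scan latest public image
    runs-on: ubuntu-latest
    # A failing matrix entry does not fail the workflow run.
    continue-on-error: true
    strategy:
      matrix:
        image: [kroki, kroki-mermaid, kroki-bpmn, kroki-excalidraw, kroki-diagramsnet]
        tag: [latest]
    steps:
      - name: Run Trivy vulnerability scanner
        # NOTE(review): `@master` is a mutable ref, so whatever is on that
        # branch at schedule time runs in this job. Pin to the full commit
        # SHA of a reviewed release, for example:
        #   uses: aquasecurity/trivy-action@<FULL_COMMIT_SHA>  # <release tag>
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: 'docker.io/yuzutech/${{ matrix.image }}:${{ matrix.tag }}'
          severity: 'CRITICAL,HIGH'
          format: 'table'
          # Exit code 0 keeps the step green even when findings are reported,
          # so the pipeline is never broken by a new CVE.
          # NOTE(review): together with continue-on-error above, findings are
          # visible only in the job log. If nobody reads the nightly logs, a
          # new CRITICAL goes unnoticed; consider a non-zero exit code or a
          # machine-readable report that raises an alert.
          exit-code: '0'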