Skip to content

dsp-appsec-trivy

dsp-appsec-trivy #63

Workflow file for this run

name: dsp-appsec-trivy
on:
pull_request:
schedule:
- cron: '0 0 * * 0'
jobs:
appsec-trivy:
# Parse Dockerfile and build, scan image if a "blessed" base image is not used
name: DSP AppSec Trivy check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
# Needed by sonar to get the git history for the branch the PR will be merged into.
with:
fetch-depth: 0
- uses: broadinstitute/dsp-appsec-trivy-action@v1
with:
context: ./orchestration
dockerfile: Dockerfile
- name: Notify in Slack
if: failure()
uses: broadinstitute/[email protected]
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
with:
status: ${{ job.status }}
channel: "trivy-weekly-scans-notblessedimages"
username: "HCA-Ingest Trivy scan"
icon_emoji: ':alert_red_light:'
text: 'HCA-Ingest Trivy scan failure. <https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}|Click here> to see the run.'