|
|
|
@ -14,17 +14,17 @@ jobs:
|
|
|
|
|
Anchore-Build-Scan:
|
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
|
steps:
|
|
|
|
|
- name: Checkout the code
|
|
|
|
|
uses: actions/checkout@v2
|
|
|
|
|
- name: Build the Docker image
|
|
|
|
|
run: docker build . --file Dockerfile --tag localbuild/testimage:latest
|
|
|
|
|
- name: Run the local Anchore scan action itself with GitHub Advanced Security code scanning integration enabled
|
|
|
|
|
uses: anchore/scan-action@main
|
|
|
|
|
- name: Set up Docker Buildx
|
|
|
|
|
uses: docker/setup-buildx-action@v1
|
|
|
|
|
|
|
|
|
|
- name: build local container
|
|
|
|
|
uses: docker/build-push-action@v2
|
|
|
|
|
with:
|
|
|
|
|
image: "localbuild/testimage:latest"
|
|
|
|
|
dockerfile-path: "Dockerfile"
|
|
|
|
|
acs-report-enable: true
|
|
|
|
|
- name: Upload Anchore Scan Report
|
|
|
|
|
uses: github/codeql-action/upload-sarif@v1
|
|
|
|
|
tags: localbuild/testimage:latest
|
|
|
|
|
push: false
|
|
|
|
|
load: true
|
|
|
|
|
|
|
|
|
|
- name: Scan image
|
|
|
|
|
uses: anchore/scan-action@v3
|
|
|
|
|
with:
|
|
|
|
|
sarif_file: results.sarif
|
|
|
|
|
image: "localbuild/testimage:latest"
|
|
|
|
|