1+ name : Security Scan
2+ on :
3+ workflow_dispatch :
4+ inputs :
5+ target :
6+ description : " Scan part"
7+ required : true
8+ default : " docker"
9+ type : choice
10+ options :
11+ - docker
12+ - source
13+ image :
14+ description : " Docker image (for 'docker' target). By default ghcr.io/<owner>/<repo>:latest"
15+ required : false
16+ default : " "
17+ only-high-critical :
18+ description : " Scan only HIGH + CRITICAL"
19+ required : false
20+ default : true
21+ type : boolean
22+ trivy-scan :
23+ description : " Run Trivy scan"
24+ required : false
25+ default : true
26+ type : boolean
27+ grype-scan :
28+ description : " Run Grype scan"
29+ required : false
30+ default : true
31+ type : boolean
32+ continue-on-error :
33+ description : " Continue on error"
34+ required : false
35+ default : true
36+ type : boolean
37+ only-fixed :
38+ description : " Show only fixable vulnerabilities"
39+ required : false
40+ default : true
41+ type : boolean
42+
43+ schedule :
44+ - cron : " 0 3 * * 0" # every Sunday at 03:00 UTC
45+
46+ permissions :
47+ contents : read
48+ security-events : write
49+ actions : read
50+ packages : read
51+
52+ jobs :
53+ security-scan :
54+ name : " Run Security Scan"
55+ uses : netcracker/qubership-workflow-hub/.github/workflows/re-security-scan.yml@main
56+ with :
57+ target : ${{ github.event.inputs.target || 'docker' }}
58+ image : ${{ github.event.inputs.image || format('ghcr.io/{0}:latest', github.repository) }}
59+ only-high-critical : ${{ github.event.inputs.only-high-critical || true }}
60+ trivy-scan : ${{ github.event.inputs.trivy-scan || true }}
61+ grype-scan : ${{ github.event.inputs.grype-scan || true }}
62+ only-fixed : ${{ github.event.inputs.only-fixed || true }}
63+ continue-on-error : ${{ github.event.inputs.continue-on-error || true }}
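Review bot: The reusable workflow on new line 55 is referenced by the mutable branch `@main`, so anything that later lands on that branch runs in this repository with the permissions granted on new lines 46-50 (including `security-events: write` and `packages: read`) without being reviewed here. Pin it to a reviewed full commit SHA and bump it deliberately, e.g. `uses: netcracker/qubership-workflow-hub/.github/workflows/re-security-scan.yml@<FULL_COMMIT_SHA_PLACEHOLDER>`, with the tag or branch name kept in a trailing comment. Separately, `continue-on-error` on new line 63 falls back to `true` for the scheduled run. How the called workflow uses that input is not visible here, but it may let a failed scanner step finish green, so consider `false` for the cron trigger or alerting on missing results.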