Try dockle & Trivy container scanner

Signed-off-by: Victor Chang <[email protected]>
Project-MONAI · Oct 20, 2022 · 77a02d8 · 77a02d8
1 parent 14b0b89
commit 77a02d8
Showing 1 changed file with 16 additions and 0 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -88,6 +88,22 @@ jobs:
           labels: ${{ steps.meta.outputs.labels }}
           file: ${{ matrix.dockerfile }}
 
+      - uses: hands-lab/dockle-action@v1
+        with:
+          image: ${{ fromJSON(steps.meta.outputs.json).tags[0] }}
+
+      - name: Trivy Vulnerability Scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: ${{ fromJSON(steps.meta.outputs.json).tags[0] }}
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: 'trivy-results.sarif'
+
       - name: Scan Image with Azure Container Scan
         uses: Azure/[email protected]
         if: always()