test vulnscan action

2023-10-30 12:00:11 +01:00 · 2023-10-30 12:00:11 +01:00 · 4c0d5f6ef9
commit 4c0d5f6ef9
parent 8473b553f8
2 changed files with 12 additions and 5 deletions
--- a/.gitea/workflows/vulnscan.yaml
+++ b/.gitea/workflows/vulnscan.yaml
@ -2,7 +2,7 @@ name: Vulnerability Scan

 on:
  schedule:
-    - cron: '0 14 * * *'
+    - cron: "0 14 * * *"

 jobs:
  scan:
@ -16,9 +16,10 @@ jobs:
        id: scan
        uses: aquasecurity/trivy-action@master
        with:
-          image-ref: 'docker.asperti.com/paspo/glpi:latest'
-          format: 'json'
-          output: 'trivy-results.json'
+          image-ref: "docker.asperti.com/paspo/glpi:latest"
+          format: "json"
+          output: "trivy-results.json"

+      # if some vulnerability is found, we fail
      - name: check output
        run: if [ $(jq '.Results[0].Vulnerabilities|length' trivy-results.json) -ne "0" ] ; then exit 1 ; fi
--- a/README.md
+++ b/README.md
@ -18,5 +18,11 @@ see [docker-compose.yaml](docker-compose.yaml)
 ## test drone config

 ```sh
-drone starlark --format  --stdout 
+drone starlark --format --stdout 
+```
+
+## run vulnscan locally
+
+```bash
+act -W .gitea/workflows/vulnscan.yaml -j scan
 ```