nessi/NexaPG
1
0
Fork 0
Code Issues 20 Pull Requests Actions Packages Projects Releases 12 Activity

Add Docker Hub authentication for Scout scans
Some checks failed
Migration Safety / Alembic upgrade/downgrade safety (push) Successful in 22s
Details
PostgreSQL Compatibility Matrix / PG14 smoke (push) Successful in 8s
Details
PostgreSQL Compatibility Matrix / PG15 smoke (push) Successful in 8s
Details
PostgreSQL Compatibility Matrix / PG16 smoke (push) Successful in 8s
Details
PostgreSQL Compatibility Matrix / PG17 smoke (push) Successful in 8s
Details
PostgreSQL Compatibility Matrix / PG18 smoke (push) Successful in 8s
Details
Container CVE Scan (development) / Scan backend/frontend images for CVEs (push) Failing after 1m53s
Details

Browse Source 
This update ensures Docker Scout scans use Docker Hub authentication. If the required credentials are absent, the scans are skipped with a corresponding message. This improves security and prevents unnecessary scan failures.
This commit is contained in:
Sascha Nesterovic
2026-02-14 18:31:10 +01:00
parent a5ffafaf9e
commit a220e5de99
1 changed files with 27 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
.github/workflows/container-cve-scan-development.yml vendored
View File

@@ -17,6 +17,13 @@ jobs:
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v3
- name: Docker Hub login (for Scout)
if: ${{ secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }}
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build backend image (local) - name: Build backend image (local)
uses: docker/build-push-action@v6 uses: docker/build-push-action@v6
with: with:
@@ -86,16 +93,30 @@ jobs:
PY PY
- name: Docker Scout scan (backend) - name: Docker Scout scan (backend)
continue-on-error: true
run: | run: |
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock docker/scout-cli:latest \ if [ -z "${{ secrets.DOCKERHUB_USERNAME }}" ] || [ -z "${{ secrets.DOCKERHUB_TOKEN }}" ]; then
cves nexapg-backend:dev-scan --only-severity critical,high,medium,low > scout-backend.txt echo "Docker Hub Scout scan skipped: DOCKERHUB_USERNAME/DOCKERHUB_TOKEN not set." > scout-backend.txt
exit 0
fi
docker run --rm \
-v /var/run/docker.sock:/var/run/docker.sock \
-e DOCKER_SCOUT_HUB_USER="${{ secrets.DOCKERHUB_USERNAME }}" \
-e DOCKER_SCOUT_HUB_PAT="${{ secrets.DOCKERHUB_TOKEN }}" \
docker/scout-cli:latest cves nexapg-backend:dev-scan \
--only-severity critical,high,medium,low > scout-backend.txt
- name: Docker Scout scan (frontend) - name: Docker Scout scan (frontend)
continue-on-error: true
run: | run: |
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock docker/scout-cli:latest \ if [ -z "${{ secrets.DOCKERHUB_USERNAME }}" ] || [ -z "${{ secrets.DOCKERHUB_TOKEN }}" ]; then
cves nexapg-frontend:dev-scan --only-severity critical,high,medium,low > scout-frontend.txt echo "Docker Hub Scout scan skipped: DOCKERHUB_USERNAME/DOCKERHUB_TOKEN not set." > scout-frontend.txt
exit 0
fi
docker run --rm \
-v /var/run/docker.sock:/var/run/docker.sock \
-e DOCKER_SCOUT_HUB_USER="${{ secrets.DOCKERHUB_USERNAME }}" \
-e DOCKER_SCOUT_HUB_PAT="${{ secrets.DOCKERHUB_TOKEN }}" \
docker/scout-cli:latest cves nexapg-frontend:dev-scan \
--only-severity critical,high,medium,low > scout-frontend.txt
- name: Print scan summary - name: Print scan summary
run: | run: |