Compare commits
5 Commits
main
...
developmen
| Author | SHA1 | Date | |
|---|---|---|---|
| c0077e3dd8 | |||
| af6ea11079 | |||
| 5a7f32541f | |||
| dd3f18bb06 | |||
| f4b18b6cf1 |
@@ -24,6 +24,13 @@ jobs:
|
||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||
|
||||
- name: Prepare Docker auth config for Scout container
|
||||
if: ${{ secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }}
|
||||
run: |
|
||||
mkdir -p "$RUNNER_TEMP/scout-docker-config"
|
||||
cp "$HOME/.docker/config.json" "$RUNNER_TEMP/scout-docker-config/config.json"
|
||||
chmod 600 "$RUNNER_TEMP/scout-docker-config/config.json"
|
||||
|
||||
- name: Build backend image (local)
|
||||
uses: docker/build-push-action@v6
|
||||
with:
|
||||
@@ -93,30 +100,44 @@ jobs:
|
||||
PY
|
||||
|
||||
- name: Docker Scout scan (backend)
|
||||
continue-on-error: true
|
||||
run: |
|
||||
if [ -z "${{ secrets.DOCKERHUB_USERNAME }}" ] || [ -z "${{ secrets.DOCKERHUB_TOKEN }}" ]; then
|
||||
echo "Docker Hub Scout scan skipped: DOCKERHUB_USERNAME/DOCKERHUB_TOKEN not set." > scout-backend.txt
|
||||
exit 0
|
||||
fi
|
||||
docker run --rm \
|
||||
-u root \
|
||||
-v /var/run/docker.sock:/var/run/docker.sock \
|
||||
-v "$RUNNER_TEMP/scout-docker-config:/root/.docker:ro" \
|
||||
-e DOCKER_CONFIG=/root/.docker \
|
||||
-e DOCKER_SCOUT_HUB_USER="${{ secrets.DOCKERHUB_USERNAME }}" \
|
||||
-e DOCKER_SCOUT_HUB_PAT="${{ secrets.DOCKERHUB_TOKEN }}" \
|
||||
-e DOCKER_SCOUT_HUB_PASSWORD="${{ secrets.DOCKERHUB_TOKEN }}" \
|
||||
docker/scout-cli:latest cves nexapg-backend:dev-scan \
|
||||
--only-severity critical,high,medium,low > scout-backend.txt
|
||||
--only-severity critical,high,medium,low > scout-backend.txt 2>&1 || {
|
||||
echo "" >> scout-backend.txt
|
||||
echo "Docker Scout backend scan failed (non-blocking)." >> scout-backend.txt
|
||||
}
|
||||
|
||||
- name: Docker Scout scan (frontend)
|
||||
continue-on-error: true
|
||||
run: |
|
||||
if [ -z "${{ secrets.DOCKERHUB_USERNAME }}" ] || [ -z "${{ secrets.DOCKERHUB_TOKEN }}" ]; then
|
||||
echo "Docker Hub Scout scan skipped: DOCKERHUB_USERNAME/DOCKERHUB_TOKEN not set." > scout-frontend.txt
|
||||
exit 0
|
||||
fi
|
||||
docker run --rm \
|
||||
-u root \
|
||||
-v /var/run/docker.sock:/var/run/docker.sock \
|
||||
-v "$RUNNER_TEMP/scout-docker-config:/root/.docker:ro" \
|
||||
-e DOCKER_CONFIG=/root/.docker \
|
||||
-e DOCKER_SCOUT_HUB_USER="${{ secrets.DOCKERHUB_USERNAME }}" \
|
||||
-e DOCKER_SCOUT_HUB_PAT="${{ secrets.DOCKERHUB_TOKEN }}" \
|
||||
-e DOCKER_SCOUT_HUB_PASSWORD="${{ secrets.DOCKERHUB_TOKEN }}" \
|
||||
docker/scout-cli:latest cves nexapg-frontend:dev-scan \
|
||||
--only-severity critical,high,medium,low > scout-frontend.txt
|
||||
--only-severity critical,high,medium,low > scout-frontend.txt 2>&1 || {
|
||||
echo "" >> scout-frontend.txt
|
||||
echo "Docker Scout frontend scan failed (non-blocking)." >> scout-frontend.txt
|
||||
}
|
||||
|
||||
- name: Print scan summary
|
||||
run: |
|
||||
|
||||
Reference in New Issue
Block a user