Added security workflow scan (#301)

RedHatInsights · Jul 24, 2023 · 6305e6a · 6305e6a
1 parent 3cf8664
commit 6305e6a
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 2 deletions.
diff --git a/.github/workflows/security-workflow-template.yml b/.github/workflows/security-workflow-template.yml
@@ -0,0 +1,27 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# This workflow checks out code, builds an image, performs a container image
+# vulnerability scan with Anchore's Grype tool, and generates an
+# SBOM via Anchore's Syft tool
+
+# For more information on Anchore's container image scanning tool Grype, see
+# https://github.com/anchore/grype
+
+# For more information about the Anchore SBOM tool, Syft, see
+# https://github.com/anchore/syft
+
+name: ConsoleDot Platform Security Scan
+
+on:
+  push:
+    branches: [ "main", "master", "security-compliance" ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "main", "master", "security-compliance" ]
+
+jobs:
+  PlatSec-Security-Workflow:
+    uses: RedHatInsights/platform-security-gh-workflow/.github/workflows/platsec-security-scan-reusable-workflow.yml@master
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM registry.redhat.io/ubi8/go-toolset as builder
+FROM registry.access.redhat.com/ubi8/go-toolset as builder
 
 WORKDIR /go/src/app
 COPY . .
@@ -7,7 +7,7 @@ USER 0
 
 RUN go build -v -o app main.go
 
-FROM registry.redhat.io/ubi8-minimal
+FROM registry.access.redhat.com/ubi8-minimal
 
 ARG BUILD_COMMIT=unknown