plugin ledger connector quorum trivy scan test

aldousalvarez · Apr 2, 2024 · 0debc7e · 0debc7e
1 parent fa27fde
commit 0debc7e
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 1 deletion.
diff --git a/.github/workflows/trivy-container-scan.yaml b/.github/workflows/trivy-container-scan.yaml
@@ -0,0 +1,33 @@
+name: trivy-container-image-scan
+
+on:
+  push:
+  pull_request:
+    # Publish `main` as Docker `latest` image.
+    branches:
+      - main
+
+    # Publish `v1.2.3` tags as releases.
+    tags:
+      - v*
+
+
+jobs:
+
+  build:
+    name: Scan cactus-plugin-ledger-connector-quorum table image
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+      - name: Build an image from Dockerfile
+        run: DOCKER_BUILDKIT=1 docker build . -f ./packages/cactus-plugin-ledger-connector-quorum/Dockerfile -t cactus-plugin-ledger-connector-quorum
+      - name: Run Trivy vulnerability scan for cactus-plugin-ledger-connector-quorum
+        uses: aquasecurity/[email protected]
+        with:
+          image-ref: 'cactus-plugin-ledger-connector-quorum'
+          format: 'table'
+          exit-code: '0'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'
diff --git a/packages/cactus-plugin-ledger-connector-quorum/Dockerfile b/packages/cactus-plugin-ledger-connector-quorum/Dockerfile
@@ -1,4 +1,4 @@
-FROM ghcr.io/hyperledger/cactus-cmd-api-server:v1.0.0
+FROM ghcr.io/hyperledger/cactus-cmd-api-server:2022-08-05-7309f2a
 
 ARG NPM_PKG_VERSION=latest