Try to mount qcow2, then scan the fs
JohnGarbutt committed Feb 13, 2024
1 parent 4397ce2 commit 801f768
Showing 2 changed files with 11 additions and 5 deletions.
13 changes: 11 additions & 2 deletions .github/workflows/build_test_images.yaml
Expand Up @@ -64,11 +64,20 @@ jobs:
S3_ACCESS_KEY: ${{ secrets.S3_ACCESS_KEY }}
S3_SECRET_KEY: ${{ secrets.S3_SECRET_KEY }}

- name: Set up QEMU
uses: docker/setup-qemu-action@v3

- name: mount qcow2 file
shell: |
sudo apt-get -y install libguestfs-tools
sudo mkdir -p /mnt/${{ steps.publish-image.outputs.image-name }}
sudo guestmount -a ${{ steps.publish-image.outputs.image-name }}.qcow2 -i /mnt/${{ steps.publish-image.outputs.image-name }}
- name: Run Trivy vulnerability scanner
uses: aquasecurity/[email protected]
with:
scan-type: vm
scan-ref: ${{ steps.publish-image.outputs.image-name }}.qcow2
scan-type: fs
scan-ref: "/mnt/${{ steps.publish-image.outputs.image-name }}"
format: sarif
output: trivy-results.sarif
ignore-unfixed: true
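Review bot: the `mount qcow2 file` step uses `shell: |` where it needs `run: |`; in GitHub Actions `shell:` only selects the interpreter, so as written the step carries no script and the workflow will be rejected for having neither `run` nor `uses`. Change the key to `run: |` and keep the three `sudo` commands as its body. Two smaller points on the same hunk: the added `Set up QEMU` step (`docker/setup-qemu-action@v3`) registers binfmt handlers for multi-arch container builds and is not what `guestmount` relies on, which is the libguestfs appliance pulled in by `libguestfs-tools`, so it looks unnecessary here; and nothing ever unmounts `/mnt/${{ steps.publish-image.outputs.image-name }}`, so a `guestunmount` step (with `if: always()`) after the Trivy scan would avoid leaving a stale mount behind for later steps.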
3 changes: 0 additions & 3 deletions bin/setup
Expand Up @@ -20,6 +20,3 @@ ansible-galaxy install -f -r "$REPO_ROOT/requirements.yml"

# Initialise Packer plugins
packer init "$REPO_ROOT/config.pkr.hcl"

# Add package to help mount qcow2 files
sudo apt-get -y install libguestfs-tools
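Review bot: dropping the `libguestfs-tools` install from `bin/setup` is consistent with the workflow now installing it in the `mount qcow2 file` step, but it means a developer running `bin/setup` locally no longer gets `guestmount` for the same mount-and-scan flow; either keep the install here as well or note in the script that mounting the qcow2 for scanning is CI-only.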

0 comments on commit 801f768