Build and scan image #10

Workflow file for this run

.github/workflows/dispatch.yml at 269d8e7

	name: Build and scan image

	on:
	workflow_dispatch:

	jobs:
	ghcr-no-push:
	runs-on: ubuntu-22.04
	permissions:
	contents: read
	packages: write
	id-token: write
	steps:
	- uses: drewbernetes/container-security-action@speed-improvements
	with:
	image-repo: ghcr.io
	repo-username: ${{ github.repository_owner }}
	repo-password: ${{ secrets.GITHUB_TOKEN }}
	image-name: csa-demo-ghcr-no-push
	image-tag: "1.0"
	check-severity: CRITICAL
	trivyignore-from-s3: true
	s3-endpoint: "https://api.s3.hudson-viles.uk"
	s3-access-key: ${{secrets.S3_ACCESS_KEY}}
	s3-secret-key: ${{secrets.S3_SECRET_KEY}}
	s3-bucket: "trivyignores"
	s3-path: "container-security-action-demo"
	add-latest-tag: false
	publish-image: false
	cosign-private-key: ${{secrets.COSIGN_KEY}}
	cosign-password: ${{secrets.COSIGN_PASSWORD}}
	cosign-tlog: false
	dockerfile-path: .

	ghcr-no-latest:
	runs-on: ubuntu-22.04
	permissions:
	contents: read
	packages: write
	id-token: write
	steps:
	- uses: drewbernetes/container-security-action@speed-improvements
	with:
	image-repo: ghcr.io
	repo-username: ${{ github.repository_owner }}
	repo-password: ${{ secrets.GITHUB_TOKEN }}
	image-name: csa-demo-ghcr-no-latest
	image-tag: "1.0"
	check-severity: CRITICAL
	trivyignore-from-s3: true
	s3-endpoint: "https://api.s3.hudson-viles.uk"
	s3-access-key: ${{secrets.S3_ACCESS_KEY}}
	s3-secret-key: ${{secrets.S3_SECRET_KEY}}
	s3-bucket: "trivyignores"
	s3-path: "container-security-action-demo"
	add-latest-tag: false
	publish-image: true
	cosign-private-key: ${{secrets.COSIGN_KEY}}
	cosign-password: ${{secrets.COSIGN_PASSWORD}}
	cosign-tlog: false
	dockerfile-path: .

	ghcr-with-latest:
	runs-on: ubuntu-22.04
	permissions:
	contents: read
	packages: write
	id-token: write
	steps:
	- uses: drewbernetes/container-security-action@speed-improvements
	with:
	image-repo: ghcr.io
	repo-username: ${{ github.repository_owner }}
	repo-password: ${{ secrets.GITHUB_TOKEN }}
	image-name: csa-demo-ghcr-with-latest
	image-tag: "1.0"
	check-severity: CRITICAL
	trivyignore-from-s3: true
	s3-endpoint: "https://api.s3.hudson-viles.uk"
	s3-access-key: ${{secrets.S3_ACCESS_KEY}}
	s3-secret-key: ${{secrets.S3_SECRET_KEY}}
	s3-bucket: "trivyignores"
	s3-path: "container-security-action-demo"
	add-latest-tag: true
	publish-image: true
	cosign-private-key: ${{secrets.COSIGN_KEY}}
	cosign-password: ${{secrets.COSIGN_PASSWORD}}
	cosign-tlog: false
	dockerfile-path: .

	docker-no-push:
	runs-on: ubuntu-22.04
	permissions:
	contents: read
	packages: write
	id-token: write
	steps:
	- uses: drewbernetes/container-security-action@speed-improvements
	with:
	image-repo: "drewviles"
	repo-username: ${{ secrets.DOCKER_USER }}
	repo-password: ${{ secrets.DOCKER_PASSWORD }}
	image-name: csa-demo-docker-no-push
	image-tag: "1.0"
	check-severity: CRITICAL
	trivyignore-from-s3: true
	s3-endpoint: "https://api.s3.hudson-viles.uk"
	s3-access-key: ${{secrets.S3_ACCESS_KEY}}
	s3-secret-key: ${{secrets.S3_SECRET_KEY}}
	s3-bucket: "trivyignores"
	s3-path: "container-security-action-demo"
	add-latest-tag: false
	publish-image: false
	cosign-private-key: ${{secrets.COSIGN_KEY}}
	cosign-password: ${{secrets.COSIGN_PASSWORD}}
	cosign-tlog: false
	dockerfile-path: .

	docker-no-latest:
	runs-on: ubuntu-22.04
	permissions:
	contents: read
	packages: write
	id-token: write
	steps:
	- uses: drewbernetes/container-security-action@speed-improvements
	with:
	image-repo: "drewviles"
	repo-username: ${{ secrets.DOCKER_USER }}
	repo-password: ${{ secrets.DOCKER_PASSWORD }}
	image-name: csa-demo-docker-no-latest
	image-tag: "1.0"
	check-severity: CRITICAL
	trivyignore-from-s3: true
	s3-endpoint: "https://api.s3.hudson-viles.uk"
	s3-access-key: ${{secrets.S3_ACCESS_KEY}}
	s3-secret-key: ${{secrets.S3_SECRET_KEY}}
	s3-bucket: "trivyignores"
	s3-path: "container-security-action-demo"
	add-latest-tag: false
	publish-image: true
	cosign-private-key: ${{secrets.COSIGN_KEY}}
	cosign-password: ${{secrets.COSIGN_PASSWORD}}
	cosign-tlog: false
	dockerfile-path: .

	docker-with-latest:
	runs-on: ubuntu-22.04
	permissions:
	contents: read
	packages: write
	id-token: write
	steps:
	- uses: drewbernetes/container-security-action@speed-improvements
	with:
	image-repo: "drewviles"
	repo-username: ${{ secrets.DOCKER_USER }}
	repo-password: ${{ secrets.DOCKER_PASSWORD }}
	image-name: csa-demo-docker-with-latest
	image-tag: "1.0"
	check-severity: CRITICAL
	trivyignore-from-s3: true
	s3-endpoint: "https://api.s3.hudson-viles.uk"
	s3-access-key: ${{secrets.S3_ACCESS_KEY}}
	s3-secret-key: ${{secrets.S3_SECRET_KEY}}
	s3-bucket: "trivyignores"
	s3-path: "container-security-action-demo"
	add-latest-tag: true
	publish-image: true
	cosign-private-key: ${{secrets.COSIGN_KEY}}
	cosign-password: ${{secrets.COSIGN_PASSWORD}}
	cosign-tlog: false
	dockerfile-path: .


	external-registry-no-push:
	runs-on: ubuntu-22.04
	permissions:
	contents: read
	packages: write
	id-token: write
	steps:
	- uses: drewbernetes/container-security-action@speed-improvements
	with:
	image-repo: "registry.hudson-viles.uk/public"
	repo-username: ${{ secrets.REGISTRY_PUBLIC_USER }}
	repo-password: ${{ secrets.REGISTRY_PUBLIC_PASSWORD }}
	image-name: csa-demo-external-registry-no-push
	image-tag: "1.0"
	check-severity: CRITICAL
	trivyignore-from-s3: true
	s3-endpoint: "https://api.s3.hudson-viles.uk"
	s3-access-key: ${{secrets.S3_ACCESS_KEY}}
	s3-secret-key: ${{secrets.S3_SECRET_KEY}}
	s3-bucket: "trivyignores"
	s3-path: "container-security-action-demo"
	add-latest-tag: false
	publish-image: false
	cosign-private-key: ${{secrets.COSIGN_KEY}}
	cosign-password: ${{secrets.COSIGN_PASSWORD}}
	cosign-tlog: false
	dockerfile-path: .

	external-registry-no-latest:
	runs-on: ubuntu-22.04
	permissions:
	contents: read
	packages: write
	id-token: write
	steps:
	- uses: drewbernetes/container-security-action@speed-improvements
	with:
	image-repo: "registry.hudson-viles.uk/public"
	repo-username: ${{ secrets.REGISTRY_PUBLIC_USER }}
	repo-password: ${{ secrets.REGISTRY_PUBLIC_PASSWORD }}
	image-name: csa-demo-external-registry-no-latest
	image-tag: "1.0"
	check-severity: CRITICAL
	trivyignore-from-s3: true
	s3-endpoint: "https://api.s3.hudson-viles.uk"
	s3-access-key: ${{secrets.S3_ACCESS_KEY}}
	s3-secret-key: ${{secrets.S3_SECRET_KEY}}
	s3-bucket: "trivyignores"
	s3-path: "container-security-action-demo"
	add-latest-tag: false
	publish-image: true
	cosign-private-key: ${{secrets.COSIGN_KEY}}
	cosign-password: ${{secrets.COSIGN_PASSWORD}}
	cosign-tlog: false
	dockerfile-path: .

	external-registry-with-latest:
	runs-on: ubuntu-22.04
	permissions:
	contents: read
	packages: write
	id-token: write
	steps:
	- uses: drewbernetes/container-security-action@speed-improvements
	with:
	image-repo: "registry.hudson-viles.uk/public"
	repo-username: ${{ secrets.REGISTRY_PUBLIC_USER }}
	repo-password: ${{ secrets.REGISTRY_PUBLIC_PASSWORD }}
	image-name: csa-demo-external-registry-with-latest
	image-tag: "1.0"
	check-severity: CRITICAL
	trivyignore-from-s3: true
	s3-endpoint: "https://api.s3.hudson-viles.uk"
	s3-access-key: ${{secrets.S3_ACCESS_KEY}}
	s3-secret-key: ${{secrets.S3_SECRET_KEY}}
	s3-bucket: "trivyignores"
	s3-path: "container-security-action-demo"
	add-latest-tag: true
	publish-image: true
	cosign-private-key: ${{secrets.COSIGN_KEY}}
	cosign-password: ${{secrets.COSIGN_PASSWORD}}
	cosign-tlog: false
	dockerfile-path: .

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Build and scan image #10

Workflow file

Build and scan image #10

Jobs

Run details

Workflow file for this run