Skip to content

Vulnerability Scan #1464

Vulnerability Scan

Vulnerability Scan #1464

Workflow file for this run

name: Vulnerability Scan
on:
workflow_dispatch:
schedule:
- cron: '0 10 * * *' # Once per day at 10am UTC
jobs:
list-tests:
if: ${{ github.actor != 'dependabot[bot]' }}
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- id: list-tests-step
name: List Tests
run: echo "testnames=$( (cd .github/tests && find * -maxdepth 0 -type d) | jq --compact-output --slurp --raw-input 'split("\n")[:-1]')" >> $GITHUB_OUTPUT
outputs:
testnames: ${{steps.list-tests-step.outputs.testnames}}
run-scan:
needs: list-tests
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
test: ${{ fromJson(needs.list-tests.outputs.testnames) }}
services:
accelerator:
image: ghcr.io/app-accelerator-build/acc-engine:latest
credentials:
username: ${{secrets.GHCR_USER}}
password: ${{secrets.GHCR_TOKEN}}
ports:
- 8888:8080
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Set up JDK 21
uses: actions/setup-java@v2
with:
java-version: '21'
distribution: 'adopt'
- name: Set up .NET 8
uses: actions/setup-dotnet@v3
with:
dotnet-version: '8.0.x'
- name: Wait for Engine Container
uses: ifaxity/wait-on-action@v1
with:
resource: http://localhost:8888/actuator
timeout: 10000
- name: Download Grype
uses: anchore/scan-action/download-grype@v3
with:
grype-version: v0.80.1
id: grype
- name: Generate ${{matrix.test}}
run: .github/tests/generate.sh ${{matrix.test}}
- name: Scan ${{matrix.test}}
run: .github/tests/scan.sh ${{matrix.test}} ${{steps.grype.outputs.cmd}}