add security scans

2026-06-05 17:02:41 +10:00
parent 70593fe0a3
commit 1d19b08b7e
3 changed files with 30 additions and 1 deletions
@@ -67,6 +67,15 @@ if [ -n "$INPUT_IMAGE_NAME" ]; then
  if [ -n "$INPUT_IMAGE_TAG" ]; then
    echo "Building image $FULL_IMAGE:$INPUT_IMAGE_TAG..."
    docker build -t "$FULL_IMAGE:$INPUT_IMAGE_TAG" -f "$INPUT_DOCKERFILE" .
+
+    echo "Scanning image for vulnerabilities..."
+    trivy image \
+      --exit-code 1 \
+      --severity "$INPUT_SCAN_SEVERITY" \
+      --no-progress \
+      "$FULL_IMAGE:$INPUT_IMAGE_TAG"
+
+    echo "Scan passed, pushing image..."
    docker push "$FULL_IMAGE:$INPUT_IMAGE_TAG"
  else
    SHA=$(echo "$GITHUB_SHA" | cut -c1-7)
@@ -75,6 +84,15 @@ if [ -n "$INPUT_IMAGE_NAME" ]; then
      -t "$FULL_IMAGE:latest" \
      -t "$FULL_IMAGE:$SHA" \
      -f "$INPUT_DOCKERFILE" .
+
+    echo "Scanning image for vulnerabilities..."
+    trivy image \
+      --exit-code 1 \
+      --severity "$INPUT_SCAN_SEVERITY" \
+      --no-progress \
+      "$FULL_IMAGE:latest"
+
+    echo "Scan passed, pushing image..."
    docker push "$FULL_IMAGE:latest"
    docker push "$FULL_IMAGE:$SHA"