yujunjun/OpenMetadata
1
0
Fork 0
mirror of https://github.com/open-metadata/OpenMetadata.git synced 2025-10-04 13:26:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update/openmetadata trivy scan (#21382)

Browse Source 
* updated the workflow

* updated

* updated

* updated

* updated

* updated

* fix the openmetadata server trivy scan to detail out the report on Github Step Summary

* fix the openmetadata server trivy scan to detail out the report on Github Step Summary

* fix the openmetadata server trivy scan to detail out the report on Github Step Summary
This commit is contained in:
tarunpandey23 2025-05-23 18:43:34 +05:30 committed by GitHub
parent 1ee36d41c6
commit 98795e312d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 30 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
.github/workflows/trivy-scan-openmetadata-server.yml vendored
View File

@ -1,17 +1,21 @@
name: Trivy Scan For OpenMetadata Server Docker Image name: Trivy Scan For OpenMetadata Server Docker Image
on: on:
schedule: schedule:
- cron: '15 4 * * *' - cron: '15 4 * * *'
workflow_dispatch: workflow_dispatch:
concurrency: concurrency:
group: trivy-server-scan-${{ github.head_ref || github.run_id }} group: trivy-server-scan-${{ github.head_ref || github.run_id }}
cancel-in-progress: true cancel-in-progress: true
jobs: jobs:
build-and-scan: build-and-scan:
runs-on: ubuntu-latest runs-on: ubuntu-latest
if: ${{ !github.event.pull_request.draft }} if: ${{ !github.event.pull_request.draft }}
permissions: permissions:
pull-requests: write pull-requests: write
steps: steps:
- name: Checkout Repository - name: Checkout Repository
uses: actions/checkout@v4 uses: actions/checkout@v4
@ -29,19 +33,31 @@ jobs:
- name: Build Docker Image - name: Build Docker Image
run: | run: |
docker build -t openmetadata-server:trivy -f docker/development/Dockerfile . docker build -t openmetadata-server:trivy -f docker/development/Dockerfile .
- name: Run Trivy Image Scan - name: Run Trivy Image Scan
id: trivy_scan uses: aquasecurity/trivy-action@0.28.0
uses: aquasecurity/trivy-action@master
with: with:
scan-type: "image" scan-type: "image"
image-ref: openmetadata-server:trivy image-ref: openmetadata-server:trivy
hide-progress: false hide-progress: true
ignore-unfixed: true ignore-unfixed: true
severity: "HIGH,CRITICAL,MEDIUM" severity: "HIGH,CRITICAL,MEDIUM"
scan-ref: . format: "table"
format: 'template' output: trivy.txt
template: "@.github/trivy/templates/github.tpl"
output: $GITHUB_STEP_SUMMARY
env: env:
TRIVY_DISABLE_VEX_NOTICE: "true" TRIVY_DISABLE_VEX_NOTICE: "true"
- name: Publish Trivy Output to Summary
run: |
if [[ -s trivy.txt ]]; then
{
echo "### Trivy Security Scan Results"
echo "<details><summary>Click to expand</summary>"
echo ""
echo '```text'
cat trivy.txt
echo '```'
echo "</details>"
} >> $GITHUB_STEP_SUMMARY
else
echo "No vulnerabilities found." >> $GITHUB_STEP_SUMMARY
fi