Scan images with Anchore to the GH Action workflow

In this repository, we only build container image. The code is maintained in a separate repository. So, we can only scan the generated images for security flaws. This pull request adds an action that uses the [Anchore Scan](https://github.com/marketplace/actions/anchore-container-scan) GitHub Action. It also removes a remnant workflow. Signed-off-by: Fabien Dupont <[email protected]>
rh-ecosystem-edge · Feb 1, 2022 · bd1ee91 · bd1ee91
1 parent 1e4aa19
commit bd1ee91
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 12 deletions.
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
@@ -44,6 +44,15 @@ jobs:
             ./${{ matrix.distro-name }}/${{ matrix.distro-version }}/Dockerfile.${{ matrix.container }}
           context: sriov-network-operator
 
+      - name: List container images
+        run: docker images
+
+      - name: Scan the ${{ matrix.container }} image for ${{ matrix.distro-name }}-${{ matrix.distro-version }} with Anchore
+        id: scan-image
+        uses: anchore/scan-action@v3
+        with:
+          image: sriov-network-${{ matrix.container }}:${{ matrix.distro-name }}-${{ matrix.distro-version }}
+
       - name: Push the ${{ matrix.container }} image for ${{ matrix.distro-name }}-${{ matrix.distro-version }} to Quay.io
         id: push-to-quay
         if: |

diff --git a/.github/workflows/pr-build-images.yaml b/.github/workflows/pr-build-images.yaml