Skip to content

CVE Scan

CVE Scan #636

Workflow file for this run

name: "CVE Scan"
on:
schedule:
- cron: '0 0 * * *'
workflow_dispatch:
jobs:
scan-images:
name: Scan latest public image
if: github.repository_owner == 'asciidoctor' || github.event_name != 'schedule'
runs-on: ubuntu-latest
strategy:
matrix:
image: [ docker-asciidoctor ]
tag: [ latest ]
steps:
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: 'docker.io/asciidoctor/${{ matrix.image }}:${{ matrix.tag }}'
severity: 'CRITICAL,HIGH'
format: 'table'
# we can set to 0 to avoid breaking the pipeline
exit-code: '1'