Gradle build

Thomas Laubrock 2023-04-14 19:13:54 +02:00 committed by GitHub
parent d9c4b0465c
commit e8adb726d2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -42,19 +42,26 @@ jobs:
registry: ${{ env.REGISTRY }} registry: ${{ env.REGISTRY }}
username: ${{ github.actor }} username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
#- name: Run Aqua scanner - name: Gradle Build Action
# uses: docker://aquasec/aqua-scanner # You may pin to the exact commit or the version.
# with: # uses: gradle/gradle-build-action@5056fa9d50478a14af3c9925c12ca02318659d3e
# args: trivy fs -d --scanners config,vuln,secret --sast . uses: gradle/gradle-build-action@v2.4.1
# # To customize which severities to scan for, add the following flag: --severity UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL with:
# # To enable SAST scanning, add: --sast arguments: bootJar --no-daemon
# # To enable npm/dotnet non-lock file scanning, add: --package-json / --dotnet-proj build-root-directory: src
# env: - name: Run Aqua scanner
# AQUA_KEY: ${{ secrets.AQUA_KEY }} uses: docker://aquasec/aqua-scanner
# AQUA_SECRET: ${{ secrets.AQUA_SECRET }} with:
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} args: trivy fs -d --scanners config,vuln,secret --sast .
# TRIVY_RUN_AS_PLUGIN: 'aqua' # To customize which severities to scan for, add the following flag: --severity UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
# # For http/https proxy configuration add env vars: HTTP_PROXY/HTTPS_PROXY, CA-CRET (path to CA certificate) # To enable SAST scanning, add: --sast
# To enable npm/dotnet non-lock file scanning, add: --package-json / --dotnet-proj
env:
AQUA_KEY: ${{ secrets.AQUA_KEY }}
AQUA_SECRET: ${{ secrets.AQUA_SECRET }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TRIVY_RUN_AS_PLUGIN: 'aqua'
# For http/https proxy configuration add env vars: HTTP_PROXY/HTTPS_PROXY, CA-CRET (path to CA certificate)
# Extract metadata (tags, labels) for Docker # Extract metadata (tags, labels) for Docker
# https://github.com/docker/metadata-action # https://github.com/docker/metadata-action
- name: Extract Docker metadata - name: Extract Docker metadata
@ -75,19 +82,6 @@ jobs:
labels: ${{ steps.meta.outputs.labels }} labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha cache-from: type=gha
cache-to: type=gha,mode=max cache-to: type=gha,mode=max
- name: Run Aqua scanner
uses: docker://aquasec/aqua-scanner
with:
args: trivy image -d --scanners config,vuln,secret "${{ steps.meta.outputs.tags }}"
# To customize which severities to scan for, add the following flag: --severity UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
# To enable SAST scanning, add: --sast
# To enable npm/dotnet non-lock file scanning, add: --package-json / --dotnet-proj
env:
AQUA_KEY: ${{ secrets.AQUA_KEY }}
AQUA_SECRET: ${{ secrets.AQUA_SECRET }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TRIVY_RUN_AS_PLUGIN: 'aqua'
# For http/https proxy configuration add env vars: HTTP_PROXY/HTTPS_PROXY, CA-CRET (path to CA certificate)
- name: Manifest Generation - name: Manifest Generation
run: | run: |
docker image ls docker image ls
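Review bot: The new Gradle step in the first hunk uses `gradle/gradle-build-action@v2.4.1`, a mutable tag, although the comment directly above it already lists a full commit SHA; assuming that SHA is the v2.4.1 release, the pinned form would be `uses: gradle/gradle-build-action@5056fa9d50478a14af3c9925c12ca02318659d3e # v2.4.1`. The re-enabled scanner step likewise runs `docker://aquasec/aqua-scanner` with no tag or digest while it receives `AQUA_KEY`, `AQUA_SECRET` and `GITHUB_TOKEN`, so a digest pin such as `docker://aquasec/aqua-scanner@sha256:<digest>` would fix which image sees those secrets. The second hunk also drops the `trivy image` scan of `steps.meta.outputs.tags`, leaving only the `trivy fs` scan of the source tree. Findings that exist only in the built image, such as base-image packages, would then no longer be reported. If that is intended, a short comment on the scanner step saying so would help; otherwise keep the image scan after the build step as well.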