Skip to content

Daily Security Check for vulnerabilities in dependencies and images #136

Daily Security Check for vulnerabilities in dependencies and images

Daily Security Check for vulnerabilities in dependencies and images #136

name: Daily Security Check for vulnerabilities in dependencies and images
on:
schedule:
- cron: '0 0 * * *'
workflow_dispatch:
jobs:
audit:
runs-on: ubuntu-latest
if: always()
steps:
- uses: actions/checkout@v4
- name: Use Node.js 18.x
uses: actions/setup-node@v4
with:
node-version: 18.x
- name: Setup Trivy
run: |
sudo apt-get install wget apt-transport-https gnupg lsb-release
wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | sudo tee /usr/share/keyrings/trivy.gpg > /dev/null
echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | sudo tee -a /etc/apt/sources.list.d/trivy.list
sudo apt-get update
sudo apt-get install trivy
- name: Audit images
uses: ./.github/actions/audit-report-action
with:
projects: frontend,api,blockchain,provisioning,e2e-test,excel-export-service,email-notification-service,storage-service,logging-service,migration
include-dev-dependencies: false
issue_title_prefix: "Security Report:"
include-unfixed: false
severity-levels: CRITICAL,HIGH
scan-type: image
token: ${{ secrets.GITHUB_TOKEN }}
- name: Audit filesystem
uses: ./.github/actions/audit-report-action
with:
projects: frontend,api,blockchain,provisioning,e2e-test,excel-export-service,email-notification-service,storage-service,logging-service,migration
include-dev-dependencies: false
issue_title_prefix: "Security Report:"
include-unfixed: true
severity-levels: CRITICAL,HIGH,MEDIUM,LOW
scan-type: fs
token: ${{ secrets.GITHUB_TOKEN }}