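# Daily dependency/image vulnerability scan for the TruBudget sub-projects.
# Runs once a day (and on demand), installs Trivy, and hands the listed
# projects to the repository-local audit-report-action, which files the
# findings as GitHub issues using the job's GITHUB_TOKEN.
name: Daily Security Check for vulnerabilities in dependencies and images

on:
  schedule:
    # Every day at 00:00 UTC.
    - cron: '0 0 * * *'
  workflow_dispatch:

# Least privilege for the job's GITHUB_TOKEN instead of the repository default.
# checkout needs read access; the audit action receives the token together with
# an issue_title_prefix, so it presumably creates issues and needs issues:write.
# Widen this only if the action turns out to need more (verify against its
# action.yml).
permissions:
  contents: read
  issues: write

jobs:
  audit:
    runs-on: ubuntu-latest
    # NOTE(review): always() has no effect on a job without `needs`; kept as-is.
    if: always()
    steps:
      # Supply-chain hardening: consider pinning both actions to a full commit
      # SHA rather than a mutable major tag.
      - uses: actions/checkout@v4
        with:
          # The token is passed to the audit action explicitly below, so it
          # does not need to remain in .git/config for later steps.
          persist-credentials: false

      # NOTE(review): Node.js 18 is past upstream end-of-life; move the audited
      # projects to a supported LTS line when they can (changing it here alone
      # would alter what is audited, so it is left unchanged).
      - name: Use Node.js 18.x
        uses: actions/setup-node@v4
        with:
          node-version: 18.x

      # Installs Trivy from Aqua's apt repository. Packages are verified by apt
      # against the repository signing key, which is fetched over HTTPS and
      # stored in /usr/share/keyrings. The installed version is whatever the
      # repository currently serves; pin `trivy=<version>` if scans must be
      # reproducible.
      - name: Setup Trivy
        run: |
          # GitHub only enables -e by default; pipefail makes a failed key
          # download stop the step here instead of at `apt-get update`.
          set -euo pipefail
          sudo apt-get install -y wget apt-transport-https gnupg lsb-release
          wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key \
            | gpg --dearmor \
            | sudo tee /usr/share/keyrings/trivy.gpg > /dev/null
          codename="$(lsb_release -sc)"
          # Overwrite rather than append so a re-run on the same machine does
          # not accumulate duplicate source entries.
          echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb ${codename} main" \
            | sudo tee /etc/apt/sources.list.d/trivy.list
          sudo apt-get update
          sudo apt-get install -y trivy

      - name: Audit projects and create security reports
        uses: ./.github/actions/audit-report-action
        with:
          projects: frontend,api,blockchain,provisioning,e2e-test,excel-export-service,email-notification-service,storage-service,logging-service,migration
          include-dev-dependencies: false
          issue_title_prefix: "Security Report:"
          # Report vulnerabilities even when no fixed version exists yet.
          include-unfixed: true
          severity-levels: CRITICAL,HIGH,MEDIUM,LOW
          token: ${{ secrets.GITHUB_TOKEN }}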