From 106b4b53dc20936ba02bef13e8d68bf69ab2e929 Mon Sep 17 00:00:00 2001 From: bryopsida <8363252+bryopsida@users.noreply.github.com> Date: Sat, 15 Jan 2022 10:24:36 -0600 Subject: [PATCH 1/2] Create anchore-analysis.yml --- .github/workflows/anchore-analysis.yml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 .github/workflows/anchore-analysis.yml diff --git a/.github/workflows/anchore-analysis.yml b/.github/workflows/anchore-analysis.yml new file mode 100644 index 0000000..a63a287 --- /dev/null +++ b/.github/workflows/anchore-analysis.yml @@ -0,0 +1,26 @@ + +name: Anchore Container Scan +on: + push: + branches: [ main ] + pull_request: + branches: [ main ] + schedule: + - cron: '35 22 * * 0' +jobs: + Anchore-Build-Scan: + runs-on: ubuntu-latest + steps: + - name: Checkout the code + uses: actions/checkout@v2 + - name: Build the Docker image + run: docker build . --file Dockerfile --tag localbuild/testimage:latest + - name: Run the Anchore scan action itself with GitHub Advanced Security code scanning integration enabled + uses: anchore/scan-action@b08527d5ae7f7dc76f9621edb6e49eaf47933ccd + with: + image: "localbuild/testimage:latest" + acs-report-enable: true + - name: Upload Anchore Scan Report + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: results.sarif From 7793a6eea7e9d7fe6c066d2e932da14b049a8cbc Mon Sep 17 00:00:00 2001 From: bryopsida <8363252+bryopsida@users.noreply.github.com> Date: Sat, 15 Jan 2022 10:30:06 -0600 Subject: [PATCH 2/2] Update anchore-analysis.yml --- .github/workflows/anchore-analysis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/anchore-analysis.yml b/.github/workflows/anchore-analysis.yml index a63a287..c216a19 100644 --- a/.github/workflows/anchore-analysis.yml +++ b/.github/workflows/anchore-analysis.yml @@ -20,6 +20,7 @@ jobs: with: image: "localbuild/testimage:latest" acs-report-enable: true + fail-build: false - name: Upload Anchore Scan Report uses: github/codeql-action/upload-sarif@v1 with: