Enable trivy scan (#2)

* ci: add trivy scan to docker-latest workflow * chore: delete separate trivy workflow * fix: use correct name for workflow * ci: update trivy-results.log file --------- Co-authored-by: Trivy Scan <[email protected]>
danubetech · Apr 18, 2024 · 338e5c7 · 338e5c7
1 parent 3a2e571
commit 338e5c7
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 44 deletions.
diff --git a/.github/workflows/docker-latest.yml b/.github/workflows/docker-latest.yml
@@ -23,3 +23,9 @@ jobs:
       CI_SECRET_READER_PERIODIC_TOKEN: ${{ secrets.CI_SECRET_READER_PERIODIC_TOKEN }}
       VAULTCA: ${{ secrets.VAULTCA }}
       SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+
+  trivy-scan:
+    uses: danubetech/workflows/.github/workflows/trivy-check.yml@main
+    with:
+      GLOBAL_IMAGE_NAME: universalresolver/driver-did-dns
+      GLOBAL_REPO_NAME: docker.io
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
diff --git a/trivy-results.log b/trivy-results.log
@@ -0,0 +1,16 @@
+
+docker.io/universalresolver/driver-did-dns (alpine 3.19.1)
+==========================================================
+Total: 2 (UNKNOWN: 0, LOW: 2, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
+
+┌────────────┬───────────────┬──────────┬────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────────────┐
+│  Library   │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │                           Title                           │
+├────────────┼───────────────┼──────────┼────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────────────┤
+│ libcrypto3 │ CVE-2024-2511 │ LOW      │ fixed  │ 3.1.4-r5          │ 3.1.4-r6      │ openssl: Unbounded memory growth with session handling in │
+│            │               │          │        │                   │               │ TLSv1.3                                                   │
+│            │               │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-2511                 │
+├────────────┤               │          │        │                   │               │                                                           │
+│ libssl3    │               │          │        │                   │               │                                                           │
+│            │               │          │        │                   │               │                                                           │
+│            │               │          │        │                   │               │                                                           │
+└────────────┴───────────────┴──────────┴────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────────────┘