6767 cache-from : type=gha,scope=build-amd64
6868 cache-to : type=gha,mode=max,scope=build-amd64
6969
70- - name : Scan image
71- uses : anchore/scan-action@7037fa011853d5a11690026fb85feee79f4c946c # v7.3.2
72- id : scan
73- with :
74- image : ghcr.io/${{ github.repository }}:build-${{ github.run_id }}-amd64
75- only-fixed : true
76- fail-build : true
77- severity-cutoff : critical
78- output-format : sarif
79-
80- - name : Upload Anchore scan SARIF report
81- uses : github/codeql-action/upload-sarif@c793b717bc78562f491db7b0e93a3a178b099162 # v4
82- if : ${{ !cancelled() }}
83- with :
84- sarif_file : ${{ steps.scan.outputs.sarif }}
85-
8670 build-arm64 :
8771 runs-on : ubuntu-24.04-arm
8872 needs : [config]
@@ -150,3 +134,19 @@ jobs:
150134 $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
151135 "ghcr.io/${{ github.repository }}@${{ needs.build-amd64.outputs.digest }}" \
152136 "ghcr.io/${{ github.repository }}@${{ needs.build-arm64.outputs.digest }}"
137+
138+ - name : Scan image
139+ uses : anchore/scan-action@7037fa011853d5a11690026fb85feee79f4c946c # v7.3.2
140+ id : scan
141+ with :
142+ image : ${{ fromJSON(steps.meta.outputs.json).tags[0] }}
143+ only-fixed : true
144+ fail-build : true
145+ severity-cutoff : critical
146+ output-format : sarif
147+
148+ - name : Upload Anchore scan SARIF report
149+ uses : github/codeql-action/upload-sarif@c793b717bc78562f491db7b0e93a3a178b099162 # v4
150+ if : ${{ !cancelled() }}
151+ with :
152+ sarif_file : ${{ steps.scan.outputs.sarif }}
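Review bot: In the added `Scan image` step, `fail-build: true` no longer appears to gate publication, because the step runs after the command above it has applied the `-t` tags from `DOCKER_METADATA_OUTPUT_JSON` to the two digests, so a critical finding fails the job only once the image is already tagged. The step also scans a mutable tag (`tags[0]`) rather than the digest that was built, and on a single runner it presumably pulls only one platform from the multi-arch manifest. Consider running the scan before the tagging command and pinning it to a digest, e.g. `image: ghcr.io/${{ github.repository }}@${{ needs.build-amd64.outputs.digest }}`, with a second step for `needs.build-arm64.outputs.digest` if both architectures should be gated. The job's `permissions` block is outside the hunk; now that `upload-sarif` has moved out of `build-amd64`, confirm this job grants `security-events: write`.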