Skip to content
This repository has been archived by the owner on Mar 13, 2024. It is now read-only.

build(deps): bump github.com/zclconf/go-cty from 1.13.2 to 1.14.1 #70

build(deps): bump github.com/zclconf/go-cty from 1.13.2 to 1.14.1

build(deps): bump github.com/zclconf/go-cty from 1.13.2 to 1.14.1 #70

Workflow file for this run

name: Scan
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
schedule:
- cron: '18 10 * * 3'
permissions:
actions: read
contents: read # for actions/checkout to fetch code
security-events: write # for codeQL to write security events
env:
OWNER_NAME: ${{ github.repository_owner }}
CONTROLLER: ${{ github.event.repository.name }}
jobs:
fossa:
name: FOSSA
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Run FOSSA scan and upload build data
uses: fossa-contrib/fossa-action@v1
with:
# FOSSA Push-Only API Token
fossa-api-key: b429fea44d610229ac091ed8d1223bb9
github-token: ${{ github.token }}
codeql:
name: CodeQL
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: go
- name: Autobuild
uses: github/codeql-action/autobuild@v2
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
trivy:
name: Trivy
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Build tf-controller image
run: |
make docker-buildx OWNER_NAME=${{ env.OWNER_NAME }}
- name: Run Trivy vulnerability scanner on controller image
uses: aquasecurity/trivy-action@master
with:
image-ref: 'ghcr.io/${{ env.OWNER_NAME }}/tf-controller:latest'
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
- name: Run Trivy vulnerability scanner on runner image
uses: aquasecurity/trivy-action@master
with:
image-ref: 'ghcr.io/${{ env.OWNER_NAME }}/tf-runner:latest'
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
skip-files: '/usr/local/bin/terraform' # false positive
- name: Run Trivy vulnerability scanner on runner image
uses: aquasecurity/trivy-action@master
with:
image-ref: 'ghcr.io/${{ env.OWNER_NAME }}/tf-runner-azure:latest'
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
skip-files: '/usr/local/bin/terraform' # false positive
- name: Run Trivy vulnerability scanner on planner image
uses: aquasecurity/trivy-action@master
with:
image-ref: 'ghcr.io/${{ env.OWNER_NAME }}/branch-planner:latest'
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
skip-files: '/usr/local/bin/terraform' # false positive