Scan docker image #22

	name: Scan docker image

	on:
	workflow_dispatch:
	schedule:
	# Run at 7:30AM UTC every day
	- cron: '30 07 * * *'

	jobs:
	scan-docker-image:
	permissions:
	security-events: write # for github/codeql-action/upload-sarif to upload SARIF results

	name: Scan docker image
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4

	- name: Build with Maven
	run: mvn -B -DskipTests clean package
	shell:
	bash

	- name: Debug Docker info
	run: \|
	docker info
	ls -al

	- name: Build docker image
	run: \|
	docker build \
	--no-cache \
	--tag payforlegalaid:scan \
	--file Dockerfile .

	- name: Scan docker image using Snyk
	continue-on-error: true
	uses: snyk/actions/docker@master
	env:
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
	with:
	image: payforlegalaid:scan
	args: --file=Dockerfile --sarif-file-output=snyk.sarif

	- name: Monitor docker image using Snyk
	uses: snyk/actions/docker@master
	env:
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
	with:
	command: monitor
	image: payforlegalaid:scan
	args: --file=Dockerfile

	- name: Replace security-severity undefined for license-related findings
	# See https://github.com/github/codeql-action/issues/2187 for details
	run: \|
	sed -i "s/\"security-severity\": \"undefined\"/\"security-severity\": \"0\"/g" snyk.sarif
	sed -i "s/\"security-severity\": \"null\"/\"security-severity\": \"0\"/g" snyk.sarif

	- name: Upload result to GitHub Code Scanning
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: snyk.sarif

Provide feedback