DevFW-CICD/spring-petclinic
16
0
Fork 1
mirror of https://github.com/spring-projects/spring-petclinic.git synced 2025-07-27 17:35:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Update maven.yml

Browse source
This commit is contained in:
Jamie O'Meara 2021-05-19 16:40:22 -06:00 committed by GitHub
parent e0f9d79c2e
commit cbe2962089
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
.github/workflows/maven.yml vendored
View file

@ -73,17 +73,17 @@ jobs:
run: |
pack build ghcr.io/octodemo/spring-petclinic/spring-petclinic:${{ github.sha }} --builder paketobuildpacks/builder:base --env 'BP_JVM_VERSION=8.*' --tag ghcr.io/octodemo/spring-petclinic/spring-petclinic:latest --publish
- name: 🛡 Scan container image for vulnerabilities
uses: anchore/scan-action@v2
id: scan
with:
image: "ghcr.io/octodemo/spring-petclinic/spring-petclinic:latest"
acs-report-enable: true
# - name: 🛡 Scan container image for vulnerabilities
# uses: anchore/scan-action@v2
# id: scan
# with:
# image: "ghcr.io/octodemo/spring-petclinic/spring-petclinic:latest"
# acs-report-enable: true
- name: ⬆️ Upload Anchore scan SARIF report
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: ${{ steps.scan.outputs.sarif }}
# - name: ⬆️ Upload Anchore scan SARIF report
# uses: github/codeql-action/upload-sarif@v1
# with:
# sarif_file: ${{ steps.scan.outputs.sarif }}
- name: 🚓 Run Snyk to check Docker image for vulnerabilities
# Snyk can be used to break the build when it detects vulnerabilities.