From ccaa09762fbaf59be8448a0cd48337db8f873928 Mon Sep 17 00:00:00 2001
From: Jamie O'Meara
Date: Wed, 19 May 2021 15:53:55 -0600
Subject: [PATCH] Update maven.yml

---
 .github/workflows/maven.yml | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
index f935aa3f6..7d4098576 100644
--- a/.github/workflows/maven.yml
+++ b/.github/workflows/maven.yml
@@ -69,25 +69,28 @@ jobs:
       - uses: andrioid/setup-pack@v1.0.1
 
-      - name: "😆 Image using Pack"
+      - name: "😆 Build container image with CNB pack"
         run: |
           pack build ghcr.io/octodemo/spring-petclinic/spring-petclinic:${{ github.sha }} --builder paketobuildpacks/builder:base --env 'BP_JVM_VERSION=8.*' --tag ghcr.io/octodemo/spring-petclinic/spring-petclinic:latest --publish
 
-      - uses: anchore/scan-action@v2
+      - name: Check container image for vulnerabilities🛡
+        uses: anchore/scan-action@v2
         id: scan
         with:
           image: "ghcr.io/octodemo/spring-petclinic/spring-petclinic:latest"
           acs-report-enable: true
 
+      - name: upload Anchore scan SARIF report
         uses: github/codeql-action/upload-sarif@v1
         with:
           sarif_file: ${{ steps.scan.outputs.sarif }}
 
-      - name: Run Snyk to check Docker image for vulnerabilities
+      - name: Run Snyk to check Docker image for vulnerabilities 🚓
         # Snyk can be used to break the build when it detects vulnerabilities.
         # In this case we want to upload the issues to GitHub Code Scanning
         continue-on-error: true
         uses: snyk/actions/docker@master
+        id: snyk
         env:
           # In order to use the Snyk Action you will need to have a Snyk API token.
           # More details in https://github.com/snyk/actions#getting-your-snyk-token
@@ -98,4 +101,4 @@ jobs:
       - name: Upload result to GitHub Code Scanning
        uses: github/codeql-action/upload-sarif@v1
         with:
-          sarif_file: snyk.sarif
+          sarif_file: ${{ steps.snyk.outputs.sarif }}
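Review bot: The Snyk step that this hunk gives `id: snyk` is still pinned to a moving branch, `uses: snyk/actions/docker@master`, so the scanner code that receives `SNYK_TOKEN` can change underneath the workflow without any change in this file; pin it to a release tag or, better, a full commit SHA, as `andrioid/setup-pack@v1.0.1` and `anchore/scan-action@v2` already are. Separately, `pack build ... --tag ...:latest --publish` pushes the image before either scanner runs and the Snyk step has `continue-on-error: true`, so a failing scan never prevents a vulnerable `:latest` from being published; if reporting-only is the intent, say so on the build step, e.g. `# Image is published before scanning; scan findings go to Code Scanning and do not gate the push`. The Snyk step's `env` block continues past the end of the hunk.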
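Review bot: `sarif_file: ${{ steps.snyk.outputs.sarif }}` assumes the Snyk docker action declares an output named `sarif`; as far as I can tell it only takes `sarif` as an input that toggles writing `snyk.sarif` into the workspace, which is exactly the path the removed line pointed at, so the expression would expand to an empty string and the upload step would fail. Unless the action's `action.yml` confirms such an output, keep `sarif_file: snyk.sarif`; the Anchore step is different because `anchore/scan-action@v2` does expose a `sarif` output, which is why `steps.scan.outputs.sarif` in the first hunk is fine.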