# Excerpt of a GitHub Actions workflow. The bare numbers appear to be the
# original file's line numbers; lines between them are not shown, and the
# original indentation is lost.
1
name: Container Vulnerability Scan
# Gate on the repository owner, so this does not run in forks owned by
# other accounts (presumably a job-level condition; nesting is not visible).
11
if: github.repository_owner == 'cilium'
# NOTE(review): with continue-on-error set, a failure of the job or step
# this key belongs to is tolerated instead of failing the workflow run.
# That includes a scan result at or above the severity cutoff, so findings
# need another reporting path to be noticed; none is visible in this excerpt.
14
continue-on-error: true
# Image entries: each pairs an image name with the Dockerfile it is built
# from. The enclosing key and the list's brackets are outside this excerpt
# (presumably a strategy matrix, given the matrix.* references further down).
18
{name: cilium, dockerfile: ./images/cilium/Dockerfile},
19
{name: clustermesh-apiserver, dockerfile: ./images/clustermesh-apiserver/Dockerfile},
20
{name: docker-plugin, dockerfile: ./images/cilium-docker-plugin/Dockerfile},
21
{name: hubble-relay, dockerfile: ./images/hubble-relay/Dockerfile},
22
{name: operator-generic, dockerfile: ./images/operator/Dockerfile},
# Branches to scan. A branch missing from this list gets no scan from this
# workflow, so the list has to be updated as branches are added or retired.
24
branch: [v1.12, v1.13, v1.14, v1.15]
# List item adjusting the matrix for kvstoremesh; whether it sits under
# include: or exclude: is not shown here (TODO confirm against the full file).
26
- image: {name: kvstoremesh, dockerfile: ./images/kvstoremesh/Dockerfile}
# Action pinned to a full commit SHA; the tag is recorded only in the
# trailing comment. The SHA is what runs, so a moved or re-created tag
# cannot change the code. The comment is not enforced and must be kept in
# sync when the pin is bumped.
30
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
# Check out the matrix branch under scan, not the ref that triggered the run.
32
ref: ${{ matrix.branch }}
# Do not leave the checkout token in the local git config, so later steps
# (here a Docker build of the checked-out tree) cannot read it from there.
33
persist-credentials: false
34
- name: Set up Docker Buildx
# Pinned by commit SHA, with the tag noted in the trailing comment.
35
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
# NOTE(review): the push/load inputs of this step are not visible in the
# excerpt; the step name suggests the image stays on the runner. Confirm.
36
- name: Build local container
37
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
# Tag is <image name>:<branch>; the scan step's image input uses the same
# expression, which ties the scan to this locally built image.
40
tags: ${{ matrix.image.name }}:${{ matrix.branch }}
# Dockerfile path taken from the matrix entry.
43
file: ${{ matrix.image.dockerfile }}
# Presumably one line of the build-args input (its key is outside this
# excerpt); passes the image name as OPERATOR_VARIANT to the build.
45
OPERATOR_VARIANT=${{ matrix.image.name }}
# Anchore scan action, pinned by commit SHA like the other actions here.
47
uses: anchore/scan-action@3343887d815d7b07465f6fdcd395bd66508d486a # v3.6.4
# Scan target: the same <image name>:<branch> tag the build step assigns.
49
image: ${{ matrix.image.name }}:${{ matrix.branch }}
# Failure threshold: only critical findings reach the cutoff; high and lower
# severities stay below it. NOTE(review): fail-build and any report upload
# are not visible in this excerpt, and continue-on-error is set earlier in
# the file, so confirm how results below and above the cutoff are surfaced.
51
severity-cutoff: critical