1
# Licensed to the Apache Software Foundation (ASF) under one or more
2
# contributor license agreements. See the NOTICE file distributed with
3
# this work for additional information regarding copyright ownership.
4
# The ASF licenses this file to You under the Apache License, Version 2.0
5
# (the "License"); you may not use this file except in compliance with
6
# the License. You may obtain a copy of the License at
8
# http://www.apache.org/licenses/LICENSE-2.0
10
# Unless required by applicable law or agreed to in writing, software
11
# distributed under the License is distributed on an "AS IS" BASIS,
12
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
# See the License for the specific language governing permissions and
14
# limitations under the License.
16
name: Docker Image CVE Scanner
19
# This job will run at 3:30 UTC daily
24
if: github.repository == 'apache/kafka'
25
runs-on: ubuntu-latest
28
# This is an array of supported tags. Make sure this array only contains the supported tags
29
supported_image_tag: ['latest', '3.7.1']
32
uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0
35
image-ref: apache/kafka:${{ matrix.supported_image_tag }}
37
severity: 'CRITICAL,HIGH'
38
output: scan_report_jvm_${{ matrix.supported_image_tag }}.txt
40
- name: Upload CVE scan report
42
uses: actions/upload-artifact@v4
44
name: scan_report_jvm_${{ matrix.supported_image_tag }}.txt
45
path: scan_report_jvm_${{ matrix.supported_image_tag }}.txt