Files
wehub-resource-sync bf2343b7e4
Integration Tests - MySQL + Elasticsearch / Detect Changes (push) Has been cancelled
Integration Tests - MySQL + Elasticsearch / integration-tests-mysql-elasticsearch (push) Has been cancelled
Integration Tests - PostgreSQL + Elasticsearch + Redis / Detect Changes (push) Has been cancelled
Integration Tests - PostgreSQL + Elasticsearch + Redis / integration-tests-postgres-elasticsearch-redis (push) Has been cancelled
Integration Tests - PostgreSQL + OpenSearch / Detect Changes (push) Has been cancelled
Integration Tests - PostgreSQL + OpenSearch / integration-tests-postgres-opensearch (push) Has been cancelled
Java Checkstyle / java-checkstyle (push) Has been cancelled
Maven Collate Tests / maven-collate-ci (push) Has been cancelled
OpenMetadata Service Unit Tests / openmetadata-service-unit-tests-status (push) Has been cancelled
Publish Package to Maven Central Repository / publish-maven-packages (push) Has been cancelled
OpenMetadata Service Unit Tests / Detect Changes (push) Has been cancelled
OpenMetadata Service Unit Tests / openmetadata-service-unit-tests (push) Has been cancelled
OpenMetadata Service Unit Tests / k8s_operator-unit-tests (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 13:35:45 +08:00

57 lines
1.5 KiB
YAML

name: Trivy Scan For OpenMetadata Server Docker Image
on:
workflow_dispatch:
concurrency:
group: trivy-server-scan-${{ github.run_id }}
cancel-in-progress: true
jobs:
build-and-scan:
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/checkout@v4
- name: Prepare for Docker Build
id: prepare
uses: ./.github/actions/prepare-for-docker-build
with:
image: openmetadata-server
tag: trivy
is_ingestion: false
- name: Build Docker Image
run: |
docker build -t openmetadata-server:trivy -f docker/development/Dockerfile .
- name: Run Trivy Image Scan
uses: aquasecurity/trivy-action@0.35.0
with:
scan-type: "image"
image-ref: openmetadata-server:trivy
hide-progress: true
ignore-unfixed: true
severity: "HIGH,CRITICAL,MEDIUM"
format: "table"
output: trivy.txt
env:
TRIVY_DISABLE_VEX_NOTICE: "true"
- name: Publish Trivy Output to Summary
run: |
if [[ -s trivy.txt ]]; then
{
echo "### Trivy Security Scan Results"
echo "<details><summary>Click to expand</summary>"
echo ""
echo '```text'
cat trivy.txt
echo '```'
echo "</details>"
} >> $GITHUB_STEP_SUMMARY
else
echo "No vulnerabilities found." >> $GITHUB_STEP_SUMMARY
fi