ghaction-container-scan
ghaction-container-scan copied to clipboard
crazy-max
GitHub Action to check for vulnerabilities in your container image
### Behaviour #### Steps to reproduce this issue 1. Build an image with only arm64 and/or arm32 manifests 2. Run scan action against it #### Expected behaviour Scanning should be...
Bumps [semver](https://github.com/npm/node-semver) from 7.6.0 to 7.6.2. Release notes Sourced from semver's releases. v7.6.2 7.6.2 (2024-05-09) Bug Fixes 6466ba9 #713 lru: use map.delete() directly (#713) (@negezor, @lukekarrys) v7.6.1 7.6.1 (2024-05-04) Bug...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Update `.github/trivy-releases.json` to keep in sync with [https://github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy).
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "github-actions[bot] avatar"){kind=avatar}
Would it be an idea to have an ENV var that will be used to pass along with the trivy command? I would like to pass: ```txt --security-checks vuln --ignore-unfixed...
Detect [configuration issues](https://aquasecurity.github.io/trivy/v0.20.0/misconfiguration/) if a Dockerfile is provided.
Update `.github/trivy-releases.json` to keep in sync with [https://github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy).
Bumps [semver](https://github.com/npm/node-semver) from 7.6.0 to 7.6.3. Release notes Sourced from semver's releases. v7.6.3 7.6.3 (2024-07-16) Bug Fixes 73a3d79 #726 optimize Range parsing and formatting (#726) (@jviide) Documentation 2975ece #719 fix...
Bumps [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) from 1.10.1 to 1.11.0. Changelog Sourced from @actions/core's changelog. 1.11.0 Add platform info utilities #1551 Remove dependency on uuid package #1824 Commits See full diff in compare view...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 6.1.0 to 7.0.5. Release notes Sourced from peter-evans/create-pull-request's releases. Create Pull Request v7.0.5 ⚙️ Fixes an issue with commit signing to allow it to support symlinks What's...
