Skip to content
Scan Antrea Docker images for vulnerabilities before release

Automated cherry pick of #7076: Document SecondaryNetwork support for SR-IOV (#7076) #522

Sign in to view logs

Automated cherry pick of #7076: Document SecondaryNetwork support for SR-IOV (#7076)

Automated cherry pick of #7076: Document SecondaryNetwork support for SR-IOV (#7076) #522

Workflow file for this run

.github/workflows/trivy_scan_before_release.yml at 9b0dc32
name: Scan Antrea Docker images for vulnerabilities before release
on:
pull_request:
branches:
- release-*
jobs:
build:
if: startsWith(github.event.pull_request.title, 'Release ')
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
driver: docker
- name: Build Antrea Docker image
run: |
./hack/build-antrea-linux-all.sh --pull
- name: Install Trivy
uses: aquasecurity/[email protected]
- name: Download Trivy DB
# Always download the latest DB for releases, don't use a cached version.
# Try downloading the vulnerability DB up to 5 times, to account for TOOMANYREQUESTS errors.
# Need to specify the correct location for the download (using --cache-dir), so that
# aquasecurity/trivy-action can find it.
run: |
for i in {1..5}; do trivy image --download-db-only --cache-dir $GITHUB_WORKSPACE/.cache/trivy && break || sleep 1; done
- name: Run Trivy vulnerability scanner on the antrea-agent Docker image
uses: aquasecurity/[email protected]
with:
scan-type: 'image'
image-ref: 'antrea/antrea-agent-ubuntu:latest'
trivy-config: '.trivy.yml'
skip-setup-trivy: true
cache: 'false'
env:
TRIVY_SKIP_DB_UPDATE: true
TRIVY_SKIP_JAVA_DB_UPDATE: true
- name: Run Trivy vulnerability scanner on the antrea-controller Docker image
uses: aquasecurity/[email protected]
with:
scan-type: 'image'
image-ref: 'antrea/antrea-controller-ubuntu:latest'
trivy-config: '.trivy.yml'
skip-setup-trivy: true
cache: 'false'
env:
TRIVY_SKIP_DB_UPDATE: true
TRIVY_SKIP_JAVA_DB_UPDATE: true