46 changes: 42 additions & 4 deletions .github/workflows/run-ci-cd.yaml
Expand Up @@ -170,8 +170,8 @@ jobs:
run: |
docker run --env-file frontend/.env.example ${{ env.DOCKERHUB_USERNAME }}/owasp-nest-test-frontend-e2e:latest pnpm run test:e2e

build-docker-staging-images:
name: Build Docker Staging Images
build-staging-images:
name: Build Staging Images
environment: staging
if: |
github.repository == 'OWASP/Nest' &&
Expand Down Expand Up @@ -228,6 +228,25 @@ jobs:
push: true
tags: ${{ env.DOCKERHUB_USERNAME }}/owasp-nest-frontend:staging

scan-staging-images:
name: Scan Staging Images
needs: build-staging-images
runs-on: ubuntu-latest
steps:
- name: Scan backend image
uses: aquasecurity/trivy-action@6c175e9c4083a92bbca2f9724c8a5e33bc2d97a5
with:
exit-code: 1
image-ref: ${{ env.DOCKERHUB_USERNAME }}/owasp-nest-backend:staging
severity: 'HIGH,CRITICAL'

- name: Scan frontend image
uses: aquasecurity/trivy-action@6c175e9c4083a92bbca2f9724c8a5e33bc2d97a5
with:
exit-code: 1
image-ref: ${{ env.DOCKERHUB_USERNAME }}/owasp-nest-frontend:staging
severity: 'HIGH,CRITICAL'

deploy-staging-nest:
name: Deploy Nest Staging
env:
Expand All @@ -239,7 +258,7 @@ jobs:
github.repository == 'OWASP/Nest' &&
github.ref == 'refs/heads/main'
needs:
- build-docker-staging-images
- scan-staging-images
runs-on: ubuntu-latest
steps:
- name: Check out repository
Expand Down Expand Up @@ -371,6 +390,25 @@ jobs:
push: true
tags: ${{ env.DOCKERHUB_USERNAME }}/owasp-nest-frontend:production

scan-production-images:
name: Scan Production Images
needs: build-docker-production-images
runs-on: ubuntu-latest
steps:
- name: Scan backend image
uses: aquasecurity/trivy-action@6c175e9c4083a92bbca2f9724c8a5e33bc2d97a5
with:
exit-code: 1
image-ref: ${{ env.DOCKERHUB_USERNAME }}/owasp-nest-backend:production
severity: 'HIGH,CRITICAL'

- name: Scan frontend image
uses: aquasecurity/trivy-action@6c175e9c4083a92bbca2f9724c8a5e33bc2d97a5
with:
exit-code: 1
image-ref: ${{ env.DOCKERHUB_USERNAME }}/owasp-nest-frontend:production
severity: 'HIGH,CRITICAL'

deploy-production-nest:
name: Deploy Nest to Production
env:
Expand All @@ -382,7 +420,7 @@ jobs:
github.event_name == 'release' &&
github.event.action == 'published'
needs:
- build-docker-production-images
- scan-production-images
runs-on: ubuntu-latest
steps:
- name: Check out repository
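Review bot: In `scan-staging-images` and `scan-production-images`, both scans reference the mutable `:staging` / `:production` tags after the build jobs have already pushed them (`push: true`), so a failing scan stops the deploy job but leaves the flagged image published under that tag, and the image scanned is not guaranteed to be the one just built or later deployed. Consider exporting the pushed digest from each build step as a job output and scanning by digest, e.g. `image-ref: ${{ env.DOCKERHUB_USERNAME }}/owasp-nest-backend@${{ needs.build-staging-images.outputs.BACKEND_DIGEST_PLACEHOLDER }}`; the output name is a placeholder, and the build steps that would declare it lie outside these hunks. If the deploy jobs pull by tag as well, they would presumably need the same digest so that scan and deploy act on the same artifact. It is also worth deciding whether findings with no available fix should block a release: as written, any HIGH or CRITICAL finding fails the gate, and `ignore-unfixed: true` would limit it to actionable ones.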