ministryofjustice/Claim-for-Crown-Court-Defence

View on GitHub
.github/workflows/docker_image_scan.yml

Summary

Maintainability
Test Coverage
name: Scan docker image
on:
  schedule:
    - cron: '0 7 * * *'

jobs:
  scan-docker-image:
    runs-on: ubuntu-latest
    name: Scan docker image
    steps:
    - name: Checkout
      uses: actions/checkout@v4

    - name: Build docker image
      run: |
        docker build \
          --tag cccd:scan \
          --file docker/Dockerfile .

    - name: Scan docker image using snyk
      id: image-scan
      continue-on-error: true
      uses: snyk/actions/docker@master
      env:
        SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
      with:
        image: cccd:scan
        args: --file=docker/Dockerfile

    - name: Monitor docker image using snyk
      id: image-monitor
      uses: snyk/actions/docker@master
      env:
        SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
      with:
        command: monitor
        image: cccd:scan
        args: --file=docker/Dockerfile

    - name: Upload result to GitHub Code Scanning
      uses: github/codeql-action/upload-sarif@v3
      with:
        sarif_file: snyk.sarif

    - name: Slack notify failure
      if: ${{ steps.image-scan.outcome == 'failure' }}
      uses: rtCamp/action-slack-notify@v2
      env:
        SLACK_USERNAME: Snyk docker image scan
        SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
        SLACK_CHANNEL: laa-cccd-alerts
        SLACK_ICON_EMOJI: ':snyk:'
        SLACK_COLOR: ${{ steps.image-scan.outcome }}
        SLACK_TITLE: Scanned ${{ github.repository }}
        SLACK_MESSAGE: docker scan detected vulnerabilites! @laa-claim-for-payment-devs
        SLACK_LINK_NAMES: true
        SLACK_FOOTER:

    - name: Slack notify success
      if: ${{ steps.image-scan.outcome == 'success' }}
      uses: rtCamp/action-slack-notify@v2
      env:
        SLACK_USERNAME: Snyk docker image scan
        SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
        SLACK_CHANNEL: laa-claim-for-payment-development
        SLACK_ICON_EMOJI: ':snyk:'
        SLACK_COLOR: ${{ steps.image-scan.outcome }}
        SLACK_TITLE: Scanned ${{ github.repository }}
        SLACK_MESSAGE: docker scan found no vulnerabilites!
        SLACK_FOOTER: