@@ -170,8 +170,8 @@ jobs:
170170 run : |
171171 docker run --env-file frontend/.env.example ${{ env.DOCKERHUB_USERNAME }}/owasp-nest-test-frontend-e2e:latest pnpm run test:e2e
172172
173- build-docker- staging-images :
174- name : Build Docker Staging Images
173+ build-staging-images :
174+ name : Build Staging Images
175175 environment : staging
176176 if : |
177177 github.repository == 'OWASP/Nest' &&
@@ -228,6 +228,25 @@ jobs:
228228 push : true
229229 tags : ${{ env.DOCKERHUB_USERNAME }}/owasp-nest-frontend:staging
230230
231+ scan-staging-images :
232+ name : Scan Staging Images
233+ needs : build-staging-images
234+ runs-on : ubuntu-latest
235+ steps :
236+ - name : Scan backend image
237+ uses : aquasecurity/trivy-action@6c175e9c4083a92bbca2f9724c8a5e33bc2d97a5
238+ with :
239+ exit-code : 1
240+ image-ref : ${{ env.DOCKERHUB_USERNAME }}/owasp-nest-backend:staging
241+ severity : ' HIGH,CRITICAL'
242+
243+ - name : Scan frontend image
244+ uses : aquasecurity/trivy-action@6c175e9c4083a92bbca2f9724c8a5e33bc2d97a5
245+ with :
246+ exit-code : 1
247+ image-ref : ${{ env.DOCKERHUB_USERNAME }}/owasp-nest-frontend:staging
248+ severity : ' HIGH,CRITICAL'
249+
231250 deploy-staging-nest :
232251 name : Deploy Nest Staging
233252 env :
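Review bot: The new scan-staging-images job (lines 231-248) runs only after build-staging-images has already pushed the image (`push: true` at line 228 is in the preceding context), so a HIGH/CRITICAL finding blocks deploy-staging-nest but the vulnerable image has already been published on Docker Hub under the `:staging` tag and stays there until the next green build. If the build step is docker/build-push-action, a tighter gate is to build with `load: true`, run trivy-action against the local tag inside the build job, and only then push; otherwise at least document on the job that the scan gates deployment, not publication, e.g. `# Gate: blocks deploy only — the :staging tag is already pushed by the build job`. The rendered value `' HIGH,CRITICAL'` shows a space after the opening quote; if that space is in the file rather than a rendering artifact, the first severity passed to Trivy is ` HIGH`, so confirm it reads `severity: 'HIGH,CRITICAL'`. The same ordering point applies to scan-production-images in the `@@ -371,6 +390,25` hunk. The surrounding deploy-staging-nest job continues outside this hunk.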
@@ -239,7 +258,7 @@ jobs:
239258 github.repository == 'OWASP/Nest' &&
240259 github.ref == 'refs/heads/main'
241260 needs :
242- - build-docker -staging-images
261+ - scan -staging-images
243262 runs-on : ubuntu-latest
244263 steps :
245264 - name : Check out repository
@@ -371,6 +390,25 @@ jobs:
371390 push : true
372391 tags : ${{ env.DOCKERHUB_USERNAME }}/owasp-nest-frontend:production
373392
393+ scan-production-images :
394+ name : Scan Production Images
395+ needs : build-docker-production-images
396+ runs-on : ubuntu-latest
397+ steps :
398+ - name : Scan backend image
399+ uses : aquasecurity/trivy-action@6c175e9c4083a92bbca2f9724c8a5e33bc2d97a5
400+ with :
401+ exit-code : 1
402+ image-ref : ${{ env.DOCKERHUB_USERNAME }}/owasp-nest-backend:production
403+ severity : ' HIGH,CRITICAL'
404+
405+ - name : Scan frontend image
406+ uses : aquasecurity/trivy-action@6c175e9c4083a92bbca2f9724c8a5e33bc2d97a5
407+ with :
408+ exit-code : 1
409+ image-ref : ${{ env.DOCKERHUB_USERNAME }}/owasp-nest-frontend:production
410+ severity : ' HIGH,CRITICAL'
411+
374412 deploy-production-nest :
375413 name : Deploy Nest to Production
376414 env :
@@ -382,7 +420,7 @@ jobs:
382420 github.event_name == 'release' &&
383421 github.event.action == 'published'
384422 needs :
385- - build-docker -production-images
423+ - scan -production-images
386424 runs-on : ubuntu-latest
387425 steps :
388426 - name : Check out repository