Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/phonito/phonito-scanner-action
Free Docker Vulnerability Scanning for CI/CD integration
- Host: GitHub
- URL: https://github.com/phonito/phonito-scanner-action
- Owner: phonito
- Created: 2019-10-25T22:50:08.000Z (about 5 years ago)
- Default Branch: master
- Last Pushed: 2023-11-13T09:27:10.000Z (12 months ago)
- Last Synced: 2024-10-24T15:44:56.993Z (15 days ago)
- Language: JavaScript
- Homepage: https://phonito.io
- Size: 704 KB
- Stars: 31
- Watchers: 4
- Forks: 3
- Open Issues: 5
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-actions - A vulnerability scanner for your docker images
- fucking-awesome-actions - A vulnerability scanner for your docker images
- awesome-workflows - A vulnerability scanner for your docker images
README
# Phonito Security Docker Vulnerability Scanner
This action automates scanning Docker images for OS and library vulnerabilities. You will need a Phonito Security account, which you can get for free at https://phonito.io.
Example output:
```text
Phonito Scan Complete!
==============================================
4 CVEs present image.
==============================================
┌────────────────┬───────────┬──────────┬───────────────────┐
│ CVE ID         │ Product   │ Severity │ Installed Version │
├────────────────┼───────────┼──────────┼───────────────────┤
│ CVE-2016-3189  │ bzip2     │ MEDIUM   │ 1.0.6             │
├────────────────┼───────────┼──────────┼───────────────────┤
│ CVE-2017-18018 │ coreutils │ MEDIUM   │ 8.28              │
├────────────────┼───────────┼──────────┼───────────────────┤
│ CVE-2016-2781  │ coreutils │ MEDIUM   │ 8.28              │
├────────────────┼───────────┼──────────┼───────────────────┤
│ CVE-2005-0758  │ gzip      │ MEDIUM   │ 1.6               │
└────────────────┴───────────┴──────────┴───────────────────┘
```

## Inputs
### `image`
**Required** The Docker image you want to scan, for example `app:latest` or `nodejs:latest`.
### `fail-level`
**Required** The minimum severity of a vulnerability that will fail the build.
For example, `LOW` fails any build containing a vulnerability of any severity, while `CRITICAL` fails only on critical vulnerabilities and ignores `MEDIUM` ones.
Options: `LOW`, `MEDIUM`, `HIGH`, `CRITICAL`

### `phonito-token`
**Required** Your API token for Phonito Security. Get it here: https://phonito.io/setup-ci
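The `fail-level` gate described above, worked through as an added example (this is not the action's own code): it parses a report in the format shown in the example output and returns the findings at or above the configured threshold. The function names and the sample report are constructed for illustration.

```javascript
// Added example (not the action's own code): parse the scanner's box-drawn
// report and apply a `fail-level` threshold the way the README describes it.
// Sample report constructed from the README's example output.
const SAMPLE_REPORT = `Phonito Scan Complete!
==============================================
4 CVEs present image.
==============================================
┌────────────────┬───────────┬──────────┬───────────────────┐
│ CVE ID         │ Product   │ Severity │ Installed Version │
├────────────────┼───────────┼──────────┼───────────────────┤
│ CVE-2016-3189  │ bzip2     │ MEDIUM   │ 1.0.6             │
├────────────────┼───────────┼──────────┼───────────────────┤
│ CVE-2017-18018 │ coreutils │ MEDIUM   │ 8.28              │
├────────────────┼───────────┼──────────┼───────────────────┤
│ CVE-2016-2781  │ coreutils │ MEDIUM   │ 8.28              │
├────────────────┼───────────┼──────────┼───────────────────┤
│ CVE-2005-0758  │ gzip      │ MEDIUM   │ 1.6               │
└────────────────┴───────────┴──────────┴───────────────────┘`;

// Severity order used by the `fail-level` input, lowest to highest.
const LEVELS = ['LOW', 'MEDIUM', 'HIGH', 'CRITICAL'];

// Parse the data rows of the table into objects; border and header rows are skipped.
function parseReport(text) {
  const findings = [];
  for (const line of text.split('\n')) {
    if (!line.startsWith('│')) continue; // only cell rows start with a vertical bar
    const cells = line.split('│').slice(1, -1).map((c) => c.trim());
    if (cells[0] === 'CVE ID') continue; // header row
    const [id, product, severity, version] = cells;
    findings.push({ id, product, severity: severity.toUpperCase(), version });
  }
  return findings;
}

// Return the findings at or above `failLevel`; an empty array means the build passes.
function failingFindings(findings, failLevel) {
  const threshold = LEVELS.indexOf(failLevel.toUpperCase());
  if (threshold < 0) throw new Error(`unknown fail-level: ${failLevel}`);
  return findings.filter((f) => LEVELS.indexOf(f.severity) >= threshold);
}

// true when at least one finding meets the threshold, i.e. the build should fail.
function shouldFail(text, failLevel) {
  return failingFindings(parseReport(text), failLevel).length > 0;
}
```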
## Example usage
```yaml
name: Build & Scan Docker Image

on: [push]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - name: Set tag var
        id: vars
        run: echo ::set-output name=docker_tag::$(echo ${GITHUB_REF} | cut -d'/' -f3)-${GITHUB_SHA}
      - name: Build the Docker image
        run: docker build . --file Dockerfile --tag myapp:${{ steps.vars.outputs.docker_tag }}
      - name: Scan with Phonito Security
        uses: phonito/phonito-scanner-action@master
        with:
          image: myapp:${{ steps.vars.outputs.docker_tag }}
          phonito-token: ${{ secrets.PHONITO_TOKEN }}
```