Skip to content

Grype WAR security scan #1729

Grype WAR security scan

Grype WAR security scan #1729

Workflow file for this run

#############################################################################
# Workflow for using Grype to scan for security issues in IRIDA dependencies
#############################################################################
name: Grype WAR security scan
on:
pull_request: # Run on all pull requests
push:
branches: # Run on any push to development or main
- development
- main
schedule: # Run daily on development and weekly on main
- cron: 0 1 * * *
branches: development
- cron: 0 2 * * 0
branches: main
jobs:
war-build: # Gradle integration tests
runs-on: ubuntu-20.04 #See pre-installed software at https://github.com/actions/virtual-environments/blob/main/images/linux/Ubuntu2004-Readme.md
steps:
- uses: actions/checkout@v3 #Checkout the project from git
- name: Get pnpm store directory
id: pnpm-cache
run: |
echo "::set-output name=pnpm_cache_dir::$(./gradlew pnpmCacheDir -q)"
- name: Setup pnpm cache
uses: actions/cache@v3
with:
path: ${{ steps.pnpm-cache.outputs.pnpm_cache_dir }}
key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
restore-keys: |
${{ runner.os }}-pnpm-store-
- name: Set up JDK 17 # Installs java 17
uses: actions/setup-java@v1
with:
java-version: 17
- name: Validate Gradle wrapper
uses: gradle/wrapper-validation-action@v1
- name: Setup Gradle
uses: gradle/gradle-build-action@v2
- name: Build WAR file # Build the WAR file
id: package
run: |
./gradlew clean build -xtest
- name: Link WAR file
run: |
ln -s build/dist/irida-*.war irida.war
ls -l irida.war
- name: Scan image
id: scan
uses: anchore/scan-action@v3
with:
image: irida.war
fail-build: false
acs-report-enable: true
- name: Inspect action SARIF report
run: cat ${{ steps.scan.outputs.sarif }}
- name: upload Anchore scan SARIF report
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: ${{ steps.scan.outputs.sarif }}