From 78cf6f182b39583aa08b20cac7f9891bed3e2fb7 Mon Sep 17 00:00:00 2001
From: Seth Simmons
Date: Fri, 26 Mar 2021 11:04:33 -0400
Subject: [PATCH] Add image scanning to Github Actions
---
 .github/workflows/update-base-image.yml | 7 +++++++
 .github/workflows/update-image-on-push.yml | 7 +++++++
 2 files changed, 14 insertions(+)
diff --git a/.github/workflows/update-base-image.yml b/.github/workflows/update-base-image.yml
index 88affbc..6369905 100644
--- a/.github/workflows/update-base-image.yml
+++ b/.github/workflows/update-base-image.yml
@@ -47,6 +47,13 @@ jobs:
 org.opencontainers.image.revision=${{ github.sha }}
 cache-from: type=registry,ref=${{ secrets.DOCKER_USERNAME }}/simple-monerod:latest
 cache-to: type=inline
+ -
+ name: Scan new image and output results
+ uses: Azure/container-scan@v0
+ with:
+ image-name: ${{ secrets.DOCKER_USERNAME }}/simple-monerod:${{ steps.get_tag.outputs.tag }}
+ run-quality-checks: true
+ severity-threshold: MEDIUM
 -
 name: Image digest
 run: echo ${{ steps.docker_build.outputs.digest }}
\ No newline at end of file
diff --git a/.github/workflows/update-image-on-push.yml b/.github/workflows/update-image-on-push.yml
index dead67b..64a8ce4 100644
--- a/.github/workflows/update-image-on-push.yml
+++ b/.github/workflows/update-image-on-push.yml
@@ -48,6 +48,13 @@ jobs:
 org.opencontainers.image.revision=${{ github.sha }}
 cache-from: type=registry,ref=${{ secrets.DOCKER_USERNAME }}/simple-monerod:latest
 cache-to: type=inline
+ -
+ name: Scan new image and output results
+ uses: Azure/container-scan@v0
+ with:
+ image-name: ${{ secrets.DOCKER_USERNAME }}/simple-monerod:${{ steps.get_tag.outputs.tag }}
+ run-quality-checks: true
+ severity-threshold: MEDIUM
 -
 name: Image digest
 run: echo ${{ steps.docker_build.outputs.digest }}
\ No newline at end of file
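Review bot: The added `Scan new image and output results` step sits after the build step whose `with:` block ends just above it, so if that step pushes the image (its `push:` setting is outside the hunk), a failing scan cannot stop a vulnerable image from being published and `severity-threshold: MEDIUM` gates nothing. Consider building into the local daemon first (`load: true` if this is docker/build-push-action), scanning, and pushing only in a later step. The step also scans by the tag from `steps.get_tag`, which can be re-pointed between push and scan; if the action accepts a digest reference, `image-name: ${{ secrets.DOCKER_USERNAME }}/simple-monerod@${{ steps.docker_build.outputs.digest }}` ties the result to the image just built. The identical hunk in `update-image-on-push.yml` has the same ordering.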
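Review bot: `uses: Azure/container-scan@v0` tracks a mutable tag of a third-party action, so whatever commit that tag points to at run time executes in the job that builds the image and references `secrets.DOCKER_USERNAME`. Pin it to a reviewed commit, `uses: Azure/container-scan@<full-commit-sha>  # v0`, and update the pin deliberately. The same line is added in the `update-base-image.yml` hunk.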