Add cve scan for PRs.

cfpb · Aug 22, 2024 · fabd318 · fabd318
1 parent fec6a8f
commit fabd318
Showing 1 changed file with 32 additions and 0 deletions.
diff --git a/.github/workflows/pr-cve-scan.yml b/.github/workflows/pr-cve-scan.yml
@@ -0,0 +1,32 @@
+name: HMDA PR CVE Scan
+
+on:
+  pull_request:
+    branches:
+      - master
+
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+
+      - name: Set up docker build
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build docker image
+        run: docker build -t cve-image:pr-${{ github.event.number }} .
+
+      - name: Install docker scout
+        run: | 
+          curl -fsSL https://get.docker.com/scout | sh
+
+      - name: Check image for CVEs
+        run: |
+          docker scout cve cve-image:pr-${{ github.event.number }}
+
+      - name: Remove docker image
+        run: |
+          docker rmi cve-image:pr-${{ github.event.number }}