diff --git a/.github/workflows/cleanup-untagged-images.yml b/.github/workflows/cleanup-untagged-images.yml
new file mode 100644
index 0000000..37dd0be
--- /dev/null
+++ b/.github/workflows/cleanup-untagged-images.yml
@@ -0,0 +1,20 @@
+name: Cleanup untagged images
+
+on:
+ schedule:
+ - cron: "0 0 * * *"
+
+jobs:
+ clean:
+ name: Delete untagged images
+ runs-on: ubuntu-latest
+ permissions:
+ packages: write
+ steps:
+ - uses: snok/container-retention-policy@4f22ef80902ad409ed55a99dc5133cc1250a0d03 # v3.0.0
+ with:
+ account: ${{ github.repository_owner }}
+ token: ${{ secrets.GITHUB_TOKEN }}
+ image-names: ${{ github.event.repository.name }}
+ tag-selection: "untagged"
+ cut-off: "1d"
diff --git a/trivy.yaml b/trivy.yaml
new file mode 100644
index 0000000..f595cea
--- /dev/null
+++ b/trivy.yaml
@@ -0,0 +1,13 @@
+# Trivy configuration file
+# https://aquasecurity.github.io/trivy/latest/docs/references/configuration/config-file/
+# Can be deleted after public ecr mirror will be added by default
+db:
+ no-progress: true
+ repository:
+ - ghcr.io/aquasecurity/trivy-db:2
+ - public.ecr.aws/aquasecurity/trivy-db:2
+ java-repository:
+ - ghcr.io/aquasecurity/trivy-java-db:1
+ - public.ecr.aws/aquasecurity/trivy-java-db:1
+misconfiguration:
+ checks-bundle-repository: public.ecr.aws/aquasecurity/trivy-checks
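Review bot: In cleanup-untagged-images.yml the only trigger is `schedule`, so the first real execution of this delete job is also its first test. Adding `workflow_dispatch:` under `on:` and doing an initial run with `dry-run: true` in the `with:` block would show which versions match `tag-selection: "untagged"` and `cut-off: "1d"` before anything is removed. `image-names: ${{ github.event.repository.name }}` also assumes the container package is named exactly like the repository and that the event payload carries `repository` on a scheduled run. If either assumption fails the job would presumably match nothing without an obvious error, so a literal package name may be the safer value. The job-scoped `packages: write` and the SHA-pinned action reference are good as written.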
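Review bot: In trivy.yaml, `checks-bundle-repository` on the last line has no tag and no second source, unlike the `db` entries above it, which pin `:2`/`:1` and list ghcr.io before public.ecr.aws. An untagged OCI reference normally resolves to `latest`, so the policy bundle used for misconfiguration scans could move to a version the installed Trivy release does not expect. Consider `checks-bundle-repository: public.ecr.aws/aquasecurity/trivy-checks:<major>`, with the major tag that matches the Trivy version in use. The "Can be deleted after…" comment would be easier to act on if it linked the upstream issue or named the Trivy version that makes the mirror the default.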