From 99003c54afaad5d413327befe2d76a9822d4244c Mon Sep 17 00:00:00 2001
From: borislavr
Date: Thu, 23 Oct 2025 08:19:19 +0000
Subject: [PATCH] feat(ci): add security-scan workflow to scan for vulnerabilities in dependencies
Related issue: https://github.com/Netcracker/.github/issues/190
---
.github/workflows/security-scan.yml | 59 +++++++++++++++++++++++++++++
1 file changed, 59 insertions(+)
create mode 100644 .github/workflows/security-scan.yml
diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
new file mode 100644
index 00000000..fc1e926b
--- /dev/null
+++ b/.github/workflows/security-scan.yml
@@ -0,0 +1,59 @@
+name: Security Scan
+on:
+ workflow_dispatch:
+ inputs:
+ target:
+ description: "Scan part"
+ required: true
+ default: "docker"
+ type: choice
+ options:
+ - docker
+ - source
+ image:
+ description: "Docker image (for 'docker' target). By default ghcr.io//:latest"
+ required: false
+ default: ""
+ only-high-critical:
+ description: "Scan only HIGH + CRITICAL"
+ required: false
+ default: true
+ type: boolean
+ trivy-scan:
+ description: "Run Trivy scan"
+ required: false
+ default: true
+ type: boolean
+ grype-scan:
+ description: "Run Grype scan"
+ required: false
+ default: true
+ type: boolean
+ continue-on-error:
+ description: "Continue on error"
+ required: false
+ default: true
+ type: boolean
+ only-fixed:
+ description: "Show only fixable vulnerabilities"
+ required: false
+ default: true
+ type: boolean
+
+permissions:
+ contents: read
+ security-events: write
+ actions: read
+ packages: read
+
+jobs:
+ security-scan:
+ uses: netcracker/qubership-workflow-hub/.github/workflows/re-security-scan.yml@main
+ with:
+ target: ${{ github.event.inputs.target || 'source' }}
+ image: ${{ github.event.inputs.image || '' }}
+ only-high-critical: ${{ inputs.only-high-critical}}
+ trivy-scan: ${{ inputs.trivy-scan }}
+ grype-scan: ${{ inputs.grype-scan }}
+ only-fixed: ${{ inputs.only-fixed }}
+ continue-on-error: ${{ inputs.continue-on-error }}
\ No newline at end of file
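Review bot: The `uses:` line of the `security-scan` job references the reusable workflow at `@main`, a mutable ref, so whatever is on that branch of `qubership-workflow-hub` at dispatch time runs with the `security-events: write` and `packages: read` scopes granted in this file. Pinning to a reviewed commit keeps the scanner that actually executes auditable and reproducible: `uses: netcracker/qubership-workflow-hub/.github/workflows/re-security-scan.yml@<full-commit-sha>` (placeholder, since no SHA is shown here). Separately, `continue-on-error` defaults to `true`; how the called workflow uses it is not visible in this patch, but if it suppresses scan failures a run with findings would still finish green, so a default of `false` or a comment explaining the choice would help. The `target` fallback `'source'` in the `with:` block also disagrees with the input's declared default `"docker"`.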