Skip to content
Security Scanning 🕵️

chore(deps): update dependency openvox-server to v8.11.0-1+ubuntu24.04 #140

Sign in to view logs

chore(deps): update dependency openvox-server to v8.11.0-1+ubuntu24.04

chore(deps): update dependency openvox-server to v8.11.0-1+ubuntu24.04 #140

Workflow file for this run

.github/workflows/security_scanning.yml at ca6a1b9
---
name: Security Scanning 🕵️
on:
push:
branches:
- main
pull_request:
branches:
- main
permissions:
contents: read # minimal required permissions to clone repo
jobs:
setup-matrix:
runs-on: ubuntu-latest
outputs:
build_matrix: ${{ steps.set-build-matrix.outputs.build_matrix }}
steps:
- name: Source checkout
uses: actions/checkout@v5
- name: 'Setup yq'
uses: dcarbone/[email protected]
- id: set-build-matrix
run: echo "build_matrix=$(bash matrix.sh build)" >> $GITHUB_OUTPUT
scan_ci_container:
name: 'Scan ${{ matrix.platform }} CI container'
runs-on: ${{ matrix.runner }}
permissions:
actions: read
contents: read
security-events: write
needs: setup-matrix
strategy:
matrix: ${{ fromJson(needs.setup-matrix.outputs.build_matrix) }}
steps:
- name: Checkout repository
uses: actions/checkout@v5
- name: Extract version number
id: extract_version
uses: actions/github-script@v7
with:
script: |
const agentVersion = '${{ matrix.server_version }}';
const version = agentVersion.split('-')[0];
core.setOutput('version', version);
- name: Build ${{ matrix.platform }} CI container
uses: docker/build-push-action@v6
with:
tags: 'ci/openvoxserver:${{ steps.extract_version.outputs.version }}'
context: openvoxserver
file: openvoxserver/Containerfile
platforms: linux/${{ matrix.platform }}
push: false
build-args: |
OPENVOX_RELEASE=${{ matrix.release }}
OPENVOXSERVER_VERSION=${{ matrix.server_version }}
OPENVOXDB_VERSION=${{ matrix.db_version }}
R10K_VERSION=${{ matrix.r10k_version }}
RUGGED_VERSION=${{ matrix.rugged_version }}
JDK_VERSION=${{ matrix.jdk_version }}
- name: Scan image with Anchore Grype
uses: anchore/scan-action@v6
id: scan
with:
image: 'ci/openvoxserver:${{ steps.extract_version.outputs.version }}'
fail-build: false
- name: Inspect action SARIF report
run: jq . ${{ steps.scan.outputs.sarif }}
- name: Upload Anchore scan SARIF report
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: ${{ steps.scan.outputs.sarif }}