Twice a week image scan #7

Workflow file for this run

.github/workflows/scheduled-image-scan.yml at 4b60ca8

	name: Twice a week image scan
	# Temporarily adding on push for testing
	on:
	schedule:
	- cron: "0 0 * * 0,3"
	workflow_dispatch: {}

	concurrency:
	group: ${{ github.workflow }}-${{ github.ref }}
	cancel-in-progress: true

	jobs:
	base-image-scan:
	name: scan images
	runs-on: ubuntu-latest
	strategy:
	matrix:
	image:
	[
	{ name: kserve-controller, file: Dockerfile },
	{ name: agent, file: agent.Dockerfile },
	{
	name: storage-initializer,
	file: python/storage-initializer.Dockerfile,
	},
	{ name: router, file: router.Dockerfile },
	]

	steps:
	- name: Checkout
	uses: actions/checkout@v2

	- name: Security scan on docker image
	uses: snyk/actions/docker@master
	id: docker-image-scan
	continue-on-error: true
	env:
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
	with:
	image: kserve/${{ matrix.image.name }}
	args: --severity-threshold=low
	--file=${{ matrix.image.file }}
	--sarif-file-output=./application/${{ matrix.image.name }}/docker.snyk.sarif
	sarif: false

	- name: Upload sarif file to Github Code Scanning
	if: always()
	uses: github/codeql-action/upload-sarif@v1
	with:
	sarif_file: application/${{ matrix.image.name }}/docker.snyk.sarif

	predictor-image-scan:
	name: scan predictor images
	runs-on: ubuntu-latest
	strategy:
	matrix:
	image:
	[
	{ name: sklearnserver, file: python/sklearn.Dockerfile },
	{ name: xgbserver, file: python/xgb.Dockerfile },
	{ name: pmmlserver, file: python/pmml.Dockerfile },
	{ name: paddleserver, file: python/paddle.Dockerfile },
	]

	steps:
	- name: Checkout
	uses: actions/checkout@v2

	- name: Security scan on docker image
	uses: snyk/actions/docker@master
	id: docker-image-scan
	continue-on-error: true
	env:
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
	with:
	image: kserve/${{ matrix.image.name }}
	args: --severity-threshold=low
	--file=${{ matrix.image.file }}
	--sarif-file-output=./application/${{ matrix.image.name }}/docker.snyk.sarif
	sarif: false

	- name: Upload sarif file to Github Code Scanning
	if: always()
	uses: github/codeql-action/upload-sarif@v1
	with:
	sarif_file: application/${{ matrix.image.name }}/docker.snyk.sarif

	explainer-image-scan:
	name: scan explainer images
	runs-on: ubuntu-latest
	strategy:
	matrix:
	image:
	[
	{ name: alibi-explainer, file: python/alibiexplainer.Dockerfile },
	{ name: art-explainer, file: python/artexplainer.Dockerfile },
	]

	steps:
	- name: Checkout
	uses: actions/checkout@v2

	- name: Security scan on docker image
	uses: snyk/actions/docker@master
	id: docker-image-scan
	continue-on-error: true
	env:
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
	with:
	image: kserve/${{ matrix.image.name }}
	args: --severity-threshold=low
	--file=${{ matrix.image.file }}
	--sarif-file-output=./application/${{ matrix.image.name }}/docker.snyk.sarif
	sarif: false

	- name: Upload sarif file to Github Code Scanning
	if: always()
	uses: github/codeql-action/upload-sarif@v2
	with:
	sarif_file: application/${{ matrix.image.name }}/docker.snyk.sarif

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Twice a week image scan #7

Workflow file

Twice a week image scan #7

Jobs

Run details

Workflow file for this run