gy95 · gy95 · Jan 13, 2023 · Jan 16, 2023
diff --git a/.github/SECURITY.md b/.github/SECURITY.md
@@ -1 +1 @@
-For further details please see [Security Policy](https://github.com/kubeedge/community/blob/master/team-security/SECURITY.md) for our security process and how to report vulnerabilities.
+For further details please see [Security Policy](https://github.com/kubeedge/community/blob/master/team-security/SECURITY.md) for our security process and how to report vulnerabilities.asdfasdf
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
@@ -296,4 +296,4 @@ jobs:
         with:
           fetch-depth: 0
 
-      - run: make image
+      - run: make image
diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
@@ -0,0 +1,42 @@
+name:  scan vulnerabilities
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-22.04
+    timeout-minutes: 30
+    permissions:
+      contents: read
+    steps:
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
+
+      - name: Download trivy
+        run: |
+          pushd $(mktemp -d)
+          wget https://github.com/aquasecurity/trivy/releases/download/v${{ env.TRIVY_VERSION }}/trivy_${{ env.TRIVY_VERSION }}_Linux-64bit.tar.gz
+          tar zxvf trivy_${{ env.TRIVY_VERSION }}_Linux-64bit.tar.gz
+          echo "$(pwd)" >> $GITHUB_PATH
+        env:
+          TRIVY_VERSION: "0.32.1"
+
+      - name: Run trivy on git repository
+        run: |
+          trivy fs --format table --ignore-unfixed --skip-dirs website --security-checks vuln .
+
+      - name: Build docker images
+        run: make image
+
+      - name: Run trivy on images
+        strategy:
+          matrix:
+            target: [ cloudcore, admission, edgesite-agent, edgesite-server, csidriver, iptablesmanager, edgemark, installation-package, controllermanager ]
+        run: |
+            images=`docker images | grep ${{ matrix.target }} | awk '{print $1":"$2}'`
+            for vuln_type in "os" "library"; do
+              trivy image --ignore-unfixed --vuln-type="${vuln_type}" "${images}"
+            done
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		For further details please see [Security Policy](https://github.com/kubeedge/community/blob/master/team-security/SECURITY.md) for our security process and how to report vulnerabilities.
		For further details please see [Security Policy](https://github.com/kubeedge/community/blob/master/team-security/SECURITY.md) for our security process and how to report vulnerabilities.asdfasdf