Skip to content

Kp test framework pt1 pd 2645 #469

Kp test framework pt1 pd 2645

Kp test framework pt1 pd 2645 #469

Workflow file for this run

#This action was copied over from WARP's repo.
#It is used to scan docker images for vulnerabilities.
name: DSP AppSec Trivy Checks
on:
pull_request:
branches: [ "develop", "master" ]
paths-ignore:
- '**/README.md'
jobs:
build-and-scan:
name: DSP AppSec Trivy check
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
context:
- 3rd-party-tools/arrays-picard-private
- 3rd-party-tools/dragmap
- 3rd-party-tools/gatk
- 3rd-party-tools/illumina-iaap-autocall
- 3rd-party-tools/picard-python
- 3rd-party-tools/verify-bam-id
- 3rd-party-tools/samtools
- 3rd-party-tools/samtools-picard-bwa
- 3rd-party-tools/samtools-star
- 3rd-party-tools/zcall
- 3rd-party-tools/bcftools-vcftools
- 3rd-party-tools/eagle
- 3rd-party-tools/minimac4
- 3rd-party-tools/fgbio
- 3rd-party-tools/umi-tools
steps:
- uses: actions/checkout@v3
- uses: broadinstitute/dsp-appsec-trivy-action@v1
with:
context: ${{ matrix.context }}
#TODO: Check if we really need this. This seems to scan a prebuilt image that we didn't build.
prebuilt-scan:
name: DSP AppSec Trivy check
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
image:
- us.gcr.io/broad-gotc-prod/picard-cloud:2.26.10
steps:
- uses: broadinstitute/dsp-appsec-trivy-action@v1
with:
image: ${{ matrix.image }}