Create malware.yml #1

Workflow file for this run

.github/workflows/malware.yml at 8502045

	name: malware-scanner

	on:
	push:
	branches:
	- "*"
	pull_request:
	branches:
	- "*"

	jobs:
	malware-scanner:
	runs-on: ubuntu-latest
	env:
	GROUP: demo
	COMMIT: ${{ github.sha }}
	REPO: infra-mon
	DEEPFENCE_CONSOLE_URL: ${{secrets.DEEPFENCE_URL}}
	DEEPFENCE_KEY: ${{secrets.DEEPFENCE_KEY}}
	steps:
	- uses: actions/checkout@v4

	# Run Deepfence Malware Scanner to check for malwares in image
	- name: Run Deepfence Malware Scanner
	env:
	DEEPFENCE_CONSOLE_URL: ${{ env.DEEPFENCE_CONSOLE_URL }}
	DEEPFENCE_KEY: ${{ env.DEEPFENCE_KEY }}
	FULL_IMAGE_NAME: ${{ env.GROUP }}/${{ env.REPO }}:${{ github.sha }}
	NGINX: "nginx:latest"
	FAIL_MALWARE_COUNT: 100 # Fail build if number of malwares found is >= this number. Set -1 to pass regardless of malwares.
	FAIL_HIGH_MALWARE_COUNT: 10 # Fail build if number of high malwares found is >= this number. Set -1 to pass regardless of high malwares.
	FAIL_MEDIUM_MALWARE_COUNT: 20 # Fail build if number of medium malwares found is >= this number. Set -1 to pass regardless of medium malwares.
	FAIL_LOW_MALWARE_COUNT: 50 # Fail build if number of low malwares found is >= this number. Set -1 to pass regardless of low malwares.
	run: \|
	docker pull deepfenceio/deepfence_malware_scanner_ce:2.1.1
	docker run -i --rm --net=host --privileged=true \
	--cpus=0.3 \
	-v /var/run/docker.sock:/var/run/docker.sock:rw deepfenceio/deepfence_malware_scanner_ce:2.1.1 \
	-image-name "$NGINX" \
	-fail-on-count=$FAIL_MALWARE_COUNT \
	-fail-on-high-count=$FAIL_HIGH_MALWARE_COUNT \
	-fail-on-medium-count=$FAIL_MEDIUM_MALWARE_COUNT -\
	fail-on-low-count=$FAIL_LOW_MALWARE_COUNT

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Create malware.yml #1

Workflow file

Create malware.yml #1

Jobs

Run details

Workflow file for this run