Merge pull request #53 from arnested/anchor-scan

Add Anchor Scan of Docker image

Author: arnested

.github/workflows/docker-image-security-scan.yml

@@ -0,0 +1,31 @@
+on: push
+name: Docker image security scan
+jobs:
+  security-scan:
+    name: Docker build and scan
+    if: '!github.event.deleted'
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/[email protected]
+    - name: Set up Docker Buildx
+      id: buildx
+      uses: docker/setup-buildx-action@master
+    - name: Build Docker image
+      uses: docker/build-push-action@v2
+      with:
+        builder: ${{ steps.buildx.outputs.name }}
+        tags: ${{ github.repository }}:test
+        push: false
+        load: true
+    - name: Scan Docker image
+      uses: anchore/scan-action@v2
+      id: scan
+      with:
+        image: ${{ github.repository }}:test
+        acs-report-enable: true
+        fail-build: true
+    - name: Upload Anchore scan SARIF report
+      uses: github/codeql-action/upload-sarif@v1
+      if: ${{ always() }}
+      with:
+        sarif_file: ${{ steps.scan.outputs.sarif }}