Merged
Changes from 27 commits
Commits
28 commits
e0eaa96
Add Docker setup and CI pipeline for n8n and Temporal workflow automa…
killev Apr 18, 2025
a33801e
Pin n8n Docker image to version 1.22.0 for improved stability.
killev Apr 18, 2025
4b7a21e
Fix n8n healthcheck to use N8N_PORT environment variable instead of h…
killev Apr 18, 2025
fbe4ca8
Add Docker Scout security scanning to CI workflow
killev Apr 18, 2025
e9990be
Update Docker volume configurations to use named volumes
killev Apr 18, 2025
43c47a4
Improve Docker security and introduce service health checks
killev Apr 18, 2025
04932c7
Add service availability check to CI workflow
killev Apr 18, 2025
289c899
Update Docker Buildx action from v2 to v3 in CI workflow
killev Apr 18, 2025
47461d0
Update HEALTHCHECK format to use exec form in Docker configurations
killev Apr 18, 2025
44ae932
Add Docker volume setup script for CI service testing
killev Apr 18, 2025
b64c345
Improve CI pipeline with timeout and cleanup enhancements
killev Apr 18, 2025
c2b0281
Merge branch 'add-docker-configuration' into add-docker-security-check
killev Apr 18, 2025
6e5d39f
Remove conflict's artefact
killev Apr 18, 2025
2b9e5fb
Fix Docker Scout formatting and ignore scan results in git
killev Apr 18, 2025
5588b83
Replace direct Docker Scout usage with official docker/scout-action
killev Apr 18, 2025
e7f814e
Add GitHub authentication token to Docker Scout actions
killev Apr 18, 2025
c80b677
Update Temporal and n8n configurations with latest versions and envir…
killev Apr 20, 2025
88e1414
Improve Docker configuration with parameterized builds and better hea…
killev Apr 20, 2025
4d2dbc8
Refactor Docker configuration to use environment variables from .env …
killev Apr 21, 2025
02169cb
Add environment file copy step to GitHub workflow
killev Apr 21, 2025
737eb62
Add N8N_PORT build argument to Dockerfile
killev Apr 21, 2025
ce49d6e
Update README.md with improved documentation formatting
killev Apr 21, 2025
e5e16cb
Merge branch 'add-docker-configuration' into add-docker-security-check
killev Apr 21, 2025
6617ffe
Merge branch 'main' into add-docker-security-check
anatolyshipitz Apr 22, 2025
55144a1
Merge branch 'main' into add-docker-security-check
killev Apr 22, 2025
ba63d0a
Optimize Docker Security Scanning using matrix strategy
killev Apr 22, 2025
b67f654
Add Docker Hub authentication and enhance security scan output
killev Apr 22, 2025
1ec80e2
Remove whitespace in code-quality.yml workflow file
killev Apr 22, 2025
47 changes: 47 additions & 0 deletions .github/workflows/code-quality.yml
Expand Up @@ -40,6 +40,53 @@ jobs:
run: docker run --rm -i hadolint/hadolint < Dockerfile.n8n
- name: Lint Dockerfile.temporal
run: docker run --rm -i hadolint/hadolint < Dockerfile.temporal

docker-scout:
name: Docker Security Scanning
runs-on: ubuntu-latest
needs: hadolint
strategy:
matrix:
service:
- name: n8n
dockerfile: Dockerfile.n8n
tag: n8n-test:latest
- name: temporal
dockerfile: Dockerfile.temporal
tag: temporal-test:latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build ${{ matrix.service.name }} image
uses: docker/build-push-action@v5
with:
context: .
file: ${{ matrix.service.dockerfile }}
push: false
tags: ${{ matrix.service.tag }}
load: true
- name: Scan ${{ matrix.service.name }} image
uses: docker/scout-action@v1
with:
command: cves
image: ${{ matrix.service.tag }}
sarif-file: ${{ matrix.service.name }}-scan.sarif
github-token: ${{ secrets.GITHUB_TOKEN }}
summary: true
format: json
write-comment: true
- name: Upload ${{ matrix.service.name }} scan results
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: ${{ matrix.service.name }}-scan.sarif
category: ${{ matrix.service.name }}

service-check:
name: Service Availability Check
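
Review bot: the `Scan ${{ matrix.service.name }} image` step sets neither `exit-code` nor `only-severities`, so the job reports CVEs but stays green whatever the scan finds; if the scan is meant to gate merges, set `exit-code: true` with a threshold such as `only-severities: critical,high`, and put `if: always()` on the upload step so the SARIF still reaches code scanning when the scan fails. The upload step uses `github/codeql-action/upload-sarif@v2`, which is deprecated in favour of `@v3`, and it needs `security-events: write` (plus `pull-requests: write` for `write-comment: true`); no `permissions:` block is visible in this hunk, so declare it on the job unless the workflow already grants it. The `Login to Docker Hub` step depends on secrets that are not available to pull requests from forks, so the job will fail at that step for them unless it is made conditional.
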
6 changes: 6 additions & 0 deletions .gitignore
Expand Up @@ -12,6 +12,9 @@ mcp
mcp-config.json
.cursor/

# JetBrains IDE
.idea/

# Diagnostic reports (https://nodejs.org/api/report.html)
report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json

Expand Down Expand Up @@ -140,3 +143,6 @@ dist
.yarn/install-state.gz
.pnp.*
volumes

n8n-scan.sarif
temporal-scan.sarif
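
Review bot: `n8n-scan.sarif` and `temporal-scan.sarif` are listed by literal name, while the workflow generates `${{ matrix.service.name }}-scan.sarif` for each matrix entry; a single `*-scan.sarif` pattern would also cover services added to the matrix later without another .gitignore change.
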
4 changes: 0 additions & 4 deletions ENV

This file was deleted.
