From 4dd2c581ac45890c64f0406403370a3f3196364d Mon Sep 17 00:00:00 2001
From: Ben Busby <contact@benbusby.com>
Date: Tue, 25 Jan 2022 13:52:43 -0700
Subject: [PATCH] Add nightly container vuln scan

Introduces a new 'scan' workflow for scanning the main branch container for
vulnerabilities nightly. By default, this will fail for any 'medium' or higher
vulnerability.

Fixes #613
---
 .github/workflows/scan.yml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 .github/workflows/scan.yml

diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
new file mode 100644
index 0000000..8790e89
--- /dev/null
+++ b/.github/workflows/scan.yml
@@ -0,0 +1,19 @@
+name: scan
+
+on:
+  schedule:
+    - cron: '0 0 * * *'
+
+jobs:
+  scan:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Build the container image
+      run: |
+        docker build --tag whoogle-search:test .
+    - name: Initiate grype scan
+      run: |
+        curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b .
+        chmod +x ./grype
+        ./grype whoogle-search:test --only-fixed