GoSec pulling the image before docker hub login
majidlun3x opened this issue · 1 comments
majidlun3x commented
I am trying to use gosec in github action, but i am getting the error :
my workflow already have docker hub login step before go-sec
`jobs:
Scan:
name: CI Scan
timeout-minutes: 45
runs-on: codebuild-${{ github.event.repository.name }}-build-${{ github.run_id }}-${{ github.run_attempt }}
steps:
# Install Go
- name: Install GO
uses: actions/setup-go@v4
with:
go-version: ${{ env.DEFAULT_GO_VERSION }}
# Docker Login
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_RO_TOKEN }}
# Checkout code
- name: Checkout
id: checkout
uses: actions/checkout@v3
with:
token: ${{ secrets.RW_GITHUB_TOKEN }}
submodules: recursive
# Configure Git
- name: Configure GIT
run: git config --global url.https://$GH_ACCESS_TOKEN@github.com/.insteadOf https://github.com/
# Configure AWS creds
- name: Configure AWS creds
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.PF_CUSTOMER_GITHUB_ACTIONS_AWS_ROLE_ARN }}
role-duration-seconds: 3600
aws-region: ${{ env.AWS_DEFAULT_REGION }}
# Prepare environment
- name: Prepare environment
run: make environment-test
# List running containers
- name: List running containers
run: docker ps
# Unit tests
- name: Unit tests
run: |
make test-unit
make test-public-unit
# Integration tests
- name: Integration tests
run: make test-integration
# Coverage
- name: Coverage aggregation
run: make merge-coverage
# Test results
- name: Test result aggregation
run: make merge-test-results
# GoSec scan
- name: Gosec scan
id: gosec
uses: securego/gosec@master
with:
args: -no-fail -fmt sonarqube -out report.json ./...`
ccojocar commented
This is not a gosec issue. docker hub seems to have some temporary unavailability.