fix(security): vulnerabilities found in corda-4-8-all-in-one Fixes #2064 #366

	name: azure-container-image-scan

	on:
	push:
	pull_request:
	# Publish `main` as Docker `latest` image.
	branches:
	- main

	# Publish `v1.2.3` tags as releases.
	tags:
	- v*


	jobs:
	build-secure-and-push-8:
	name: Scan cactus-corda-4-8-all-in-one-obligation image
	runs-on: ubuntu-20.04
	steps:
	- uses: actions/[email protected]
	env:
	# (Required) The token to use to make API calls to GitHub.
	GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

	- uses: actions/checkout@v1
	- name: Login to DockerHub Registry
	run: echo "${{ secrets.GITHUB_TOKEN }}" \| docker login ghcr.io -u ${{ github.actor }} --password-stdin


	- name: Build Images from Dockerfile
	run: DOCKER_BUILDKIT=1 docker build ./tools/docker/corda-all-in-one/ -f ./tools/docker/corda-all-in-one/corda-v4_8/Dockerfile -t cactus-corda-4-8-all-in-one-obligation


	- uses: Azure/[email protected]
	name: Scan image for vulnerabilities
	id: container-scan
	continue-on-error: true
	with:
	image-name: cactus-corda-4-8-all-in-one-obligation

Provide feedback