eu-regulations

Overview Schema Related Servers Score Discussions

docker-security.yml•5.43 KiB

name: Docker Security Scan on: push: branches: [ main ] pull_request: branches: [ main ] schedule: # Daily at 3 AM UTC (aligns with dependency scans) - cron: '0 3 * * *' workflow_dispatch: permissions: contents: read security-events: write packages: read jobs: container-scan: name: Container Image Security Scan runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v4 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Build Docker image for scanning uses: docker/build-push-action@v5 with: context: . file: Dockerfile push: false load: true tags: eu-regulations-mcp:scan platforms: linux/amd64 # Azure Container Apps requirement cache-from: type=gha cache-to: type=gha,mode=max - name: Run Trivy vulnerability scanner (SARIF) uses: aquasecurity/trivy-action@master with: image-ref: eu-regulations-mcp:scan format: 'sarif' output: 'trivy-container.sarif' severity: 'CRITICAL,HIGH,MEDIUM' vuln-type: 'os,library' ignore-unfixed: false exit-code: '0' # Don't fail build, just report - name: Upload Trivy SARIF to GitHub Security uses: github/codeql-action/upload-sarif@v3 if: always() with: sarif_file: 'trivy-container.sarif' category: 'trivy-container' - name: Run Trivy for JSON report (audit evidence) uses: aquasecurity/trivy-action@master with: image-ref: eu-regulations-mcp:scan format: 'json' output: 'trivy-container.json' severity: 'CRITICAL,HIGH,MEDIUM,LOW' vuln-type: 'os,library' - name: Run Trivy for table output (summary) uses: aquasecurity/trivy-action@master with: image-ref: eu-regulations-mcp:scan format: 'table' severity: 'CRITICAL,HIGH' vuln-type: 'os,library' - name: Upload container scan artifacts uses: actions/upload-artifact@v4 if: always() with: name: container-scan-results path: | trivy-container.sarif trivy-container.json retention-days: 90 sbom-generation: name: Generate SBOM (Software Bill of Materials) runs-on: ubuntu-latest needs: container-scan if: always() && !cancelled() steps: - name: Checkout code uses: actions/checkout@v4 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Build image for SBOM uses: docker/build-push-action@v5 with: context: . file: Dockerfile push: false load: true tags: eu-regulations-mcp:sbom platforms: linux/amd64 cache-from: type=gha - name: Generate SBOM (CycloneDX format) uses: anchore/sbom-action@v0 with: image: eu-regulations-mcp:sbom format: cyclonedx-json output-file: sbom-eu-regulations-mcp-cyclonedx.json artifact-name: sbom-cyclonedx - name: Generate SBOM (SPDX format) uses: anchore/sbom-action@v0 with: image: eu-regulations-mcp:sbom format: spdx-json output-file: sbom-eu-regulations-mcp-spdx.json artifact-name: sbom-spdx - name: Upload SBOM artifacts uses: actions/upload-artifact@v4 with: name: sbom-eu-regulations-mcp path: | sbom-eu-regulations-mcp-cyclonedx.json sbom-eu-regulations-mcp-spdx.json retention-days: 365 # Long retention for compliance evidence security-summary: name: Security Scan Summary runs-on: ubuntu-latest needs: [container-scan, sbom-generation] if: always() steps: - name: Generate summary run: | echo "## Docker Security Scan Summary" >> $GITHUB_STEP_SUMMARY echo "" >> $GITHUB_STEP_SUMMARY echo "**Image:** eu-regulations-mcp:scan" >> $GITHUB_STEP_SUMMARY echo "**Platform:** linux/amd64 (Azure Container Apps)" >> $GITHUB_STEP_SUMMARY echo "" >> $GITHUB_STEP_SUMMARY echo "| Check | Status |" >> $GITHUB_STEP_SUMMARY echo "|-------|--------|" >> $GITHUB_STEP_SUMMARY echo "| Container Scan | ${{ needs.container-scan.result }} |" >> $GITHUB_STEP_SUMMARY echo "| SBOM Generation | ${{ needs.sbom-generation.result }} |" >> $GITHUB_STEP_SUMMARY echo "" >> $GITHUB_STEP_SUMMARY echo "### Artifacts" >> $GITHUB_STEP_SUMMARY echo "- **Trivy SARIF/JSON**: 90-day retention (audit evidence)" >> $GITHUB_STEP_SUMMARY echo "- **SBOM (CycloneDX + SPDX)**: 365-day retention (compliance)" >> $GITHUB_STEP_SUMMARY echo "" >> $GITHUB_STEP_SUMMARY echo "### About This Scan" >> $GITHUB_STEP_SUMMARY echo "This workflow scans the EU Regulations MCP **Docker container image** for:" >> $GITHUB_STEP_SUMMARY echo "- OS package vulnerabilities (Debian base)" >> $GITHUB_STEP_SUMMARY echo "- Node.js dependency vulnerabilities" >> $GITHUB_STEP_SUMMARY echo "- Container configuration issues" >> $GITHUB_STEP_SUMMARY echo "" >> $GITHUB_STEP_SUMMARY echo "For **dependency-only** scans (package.json), see the trivy.yml workflow." >> $GITHUB_STEP_SUMMARY

Loading blob content...

Latest Blog Posts

Redis vs ioredis vs valkey-glide
By punkpeye on January 26, 2026.
benchmark
Redis
valkey
Quickstart: Publish an MCP Server to the MCP Registry
By punkpeye on January 24, 2026.
mcp
official reference mirror
Official MCP Registry Server.json Requirements
By punkpeye on January 24, 2026.
mcp
official reference mirror

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Mortalus/eu-regulations'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

docker-security.yml•5.43 KiB