
Commit cc5fa03

committed
Switch to CLI-based Sysdig scan using curl
1 parent 074d20b commit cc5fa03


1 file changed

+4
-13
lines changed


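--- a/.github/workflows/sysdig-scan.yml
+++ b/.github/workflows/sysdig-scan.yml
@@ -12,7 +12,7 @@ on:
 
 jobs:
 scan:
-name: Sysdig Scan Docker + IaC
+name: Sysdig Scan Docker + IaC (Docker version)
 runs-on: ubuntu-latest
 
 steps:
@@ -27,19 +27,10 @@ jobs:
 docker build -t vote-image ./vote
 docker save vote-image -o vote-image.tar
 
-- name: Download Sysdig CLI Scanner (latest for amd64)
+- name: Scan Docker image from archive with Sysdig
 run: |
-curl -LO "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/$(curl -L -s https://download.sysdig.com/scanning/sysdig-cli-scanner/latest_version.txt)/linux/amd64/sysdig-cli-scanner"
-chmod +x sysdig-cli-scanner
-
-- name: Scan Docker image from archive
-run: |
-./sysdig-cli-scanner --standalone --input-file vote-image.tar vote-image:ci --console-log --detailed-policies-eval --full-vulns-table
-env:
-SECURE_API_TOKEN: ${{ secrets.SYSDIG_SECURE_TOKEN }}
+docker run --rm --platform linux/amd64 -e SECURE_API_TOKEN=${{ secrets.SYSDIG_SECURE_TOKEN }} -v ${{ github.workspace }}/vote-image.tar:/tmp/vote-image.tar quay.io/sysdig/sysdig-cli-scanner:latest --standalone --input-file /tmp/vote-image.tar vote-image:ci
 
 - name: Scan IaC (k8s-specifications)
 run: |
-./sysdig-cli-scanner --apiurl ${{ secrets.SYSDIG_API_URL }} --iac scan ./k8s-specifications
-env:
-SECURE_API_TOKEN: ${{ secrets.SYSDIG_SECURE_TOKEN }}
+docker run --rm --platform linux/amd64 -e SECURE_API_TOKEN=${{ secrets.SYSDIG_SECURE_TOKEN }} -v ${{ github.workspace }}:/iac quay.io/sysdig/sysdig-cli-scanner:latest --apiurl ${{ secrets.SYSDIG_API_URL }} --iac scan /iac/k8s-specifications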
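Review bot: The two added `docker run` lines (new lines 32 and 36) expand `${{ secrets.SYSDIG_SECURE_TOKEN }}` directly into the shell script, so the token lands in the docker client's argv and is subject to shell word-splitting, whereas the removed steps passed it through `env:`. Keep the step-level `env:` with `SECURE_API_TOKEN: ${{ secrets.SYSDIG_SECURE_TOKEN }}` and pass the variable by name only, `-e SECURE_API_TOKEN`, so docker copies the value from the runner environment. The same applies to `--apiurl ${{ secrets.SYSDIG_API_URL }}` on line 36, which is safer as `--apiurl "$SYSDIG_API_URL"` with the secret mapped under `env:`. Separately, `quay.io/sysdig/sysdig-cli-scanner:latest` is a mutable tag; pinning it as `quay.io/sysdig/sysdig-cli-scanner@sha256:<digest>` would make the image that receives the token reproducible and reviewable.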
