Switch to CLI-based Sysdig scan using curl

higakikeita · higakikeita · commit ec74eaaf09af · 2025-07-21T06:29:03.000+09:00
diff --git a/.github/workflows/sysdig-scan.yml b/.github/workflows/sysdig-scan.yml
@@ -12,7 +12,7 @@ on:
 
 jobs:
   scan:
-    name: Sysdig Scan Docker + IaC (loaded image method)
+    name: Sysdig Scan Docker + IaC (with docker.sock)
     runs-on: ubuntu-latest
 
     steps:
@@ -25,16 +25,11 @@ jobs:
       - name: Build vote image
         run: |
           docker build -t vote-image ./vote
-          docker save vote-image -o vote-image.tar
+          docker tag vote-image vote-image:ci
 
-      - name: Load and tag image
+      - name: Scan Docker image using docker.sock
         run: |
-          docker load -i vote-image.tar
-          docker tag vote-image:latest vote-image:ci
-
-      - name: Scan Docker image using tag
-        run: |
-          docker run --rm             -e SECURE_API_TOKEN=${{ secrets.SYSDIG_SECURE_TOKEN }}             quay.io/sysdig/sysdig-cli-scanner:latest             --apiurl ${{ secrets.SYSDIG_API_URL }}             vote-image:ci
+          docker run --rm             -v /var/run/docker.sock:/var/run/docker.sock             -e SECURE_API_TOKEN=${{ secrets.SYSDIG_SECURE_TOKEN }}             quay.io/sysdig/sysdig-cli-scanner:latest             --apiurl ${{ secrets.SYSDIG_API_URL }}             vote-image:ci
 
       - name: Scan IaC (k8s-specifications)
         run: |
