diff --git a/code-scanning/sysdig-scan.yml b/code-scanning/sysdig-scan.yml index ea52006..58b4543 100644 --- a/code-scanning/sysdig-scan.yml +++ b/code-scanning/sysdig-scan.yml @@ -20,24 +20,35 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v2 - name: Build the Docker image - run: docker build . --file Dockerfile --tag ${{ github.head_ref }}:latest + # Tag image to be built + # Change ${{ github.repository }} variable by another image name if you want but don't forget changing also image-tag below + run: docker build . --file Dockerfile --tag ${{ github.repository }}:latest - name: Sysdig Secure Inline Scan id: scan uses: sysdiglabs/scan-action@v3 with: - # Tag of the image to analyse - image-tag: "${{ github.head_ref }}:latest" + # Tag of the image to analyse. + # Change ${{ github.repository }} variable by another image name if you want but don't forget changing also image-tag above + image-tag: ${{ github.repository }}:latest # API token for Sysdig Scanning auth - sysdig-secure-token: ${{ secrets.KUBELAB_SECURE_API_TOKEN }} + sysdig-secure-token: ${{ secrets.SYSDIG_SECURE_TOKEN}} + # Sysdig secure endpoint. Please read: https://docs.sysdig.com/en/docs/administration/saas-regions-and-ip-ranges/ + # US-East https://secure.sysdig.com + # US-West https://us2.app.sysdig.com + # EU https://eu1.app.sysdig.com + sysdig-secure-url: https://us2.app.sysdig.com dockerfile-path: ./Dockerfile input-type: docker-daemon ignore-failed-scan: true + # Sysdig inline scanner requires privileged rights + run-as-user: root - uses: github/codeql-action/upload-sarif@v1 + #Upload SARIF file if: always() with: - sarif_file: ${{ steps.scan.outputs.sarifReport } + sarif_file: ${{ steps.scan.outputs.sarifReport }} \ No newline at end of file