Merge pull request #1110 from manuelbcd/main

Sysdig inline scanning
This commit is contained in:
Nick Fyson
2021-10-06 10:14:48 +01:00
committed by GitHub
3 changed files with 62 additions and 0 deletions
@@ -0,0 +1,7 @@
{
"name": "Sysdig Inline Scan",
"creator": "Sysdig",
"description": "Performs analysis on locally built container image and posts the results in SARIF report",
"iconName": "sysdig-scan",
"categories": ["Code Scanning", "Dockerfile", "C", "C#", "C++", "Go", "Java", "JavaScript", "Node", "Python", "Powershell", "Ruby"]
}
+54
View File
@@ -0,0 +1,54 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
name: Sysdig - Build, scan, push and upload sarif report
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Build the Docker image
# Tag image to be built
# Change ${{ github.repository }} variable by another image name if you want but don't forget changing also image-tag below
run: docker build . --file Dockerfile --tag ${{ github.repository }}:latest
- name: Sysdig Secure Inline Scan
id: scan
uses: sysdiglabs/scan-action@768d7626a14897e0948ea89c8437dd46a814b163
with:
# Tag of the image to analyse.
# Change ${{ github.repository }} variable by another image name if you want but don't forget changing also image-tag above
image-tag: ${{ github.repository }}:latest
# API token for Sysdig Scanning auth
sysdig-secure-token: ${{ secrets.SYSDIG_SECURE_TOKEN}}
# Sysdig secure endpoint. Please read: https://docs.sysdig.com/en/docs/administration/saas-regions-and-ip-ranges/
# US-East https://secure.sysdig.com
# US-West https://us2.app.sysdig.com
# EU https://eu1.app.sysdig.com
sysdig-secure-url: https://us2.app.sysdig.com
dockerfile-path: ./Dockerfile
input-type: docker-daemon
ignore-failed-scan: true
# Sysdig inline scanner requires privileged rights
run-as-user: root
- uses: github/codeql-action/upload-sarif@v1
#Upload SARIF file
if: always()
with:
sarif_file: ${{ steps.scan.outputs.sarifReport }}
+1
View File
@@ -0,0 +1 @@
<svg id="Layer_1" data-name="Layer 1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 217 208"><defs><style>.cls-1,.cls-4,.cls-5{fill:none;}.cls-2{fill:#fff;}.cls-3{fill:#00b4c8;}.cls-4,.cls-5{stroke:#0e0f26;stroke-miterlimit:10;}.cls-4{stroke-width:5px;}.cls-5{stroke-width:1.58px;}.cls-6{clip-path:url(#clip-path);}</style><clipPath id="clip-path"><path class="cls-1" d="M169.52,163.25l-11.58,11.59-34-34,3.47-3.49-17.77-17.77L86.85,142.4,58.33,113.88c-28-28-11.66-73.47-11.66-73.47Z"/></clipPath></defs><title>Artboard 1</title><polygon class="cls-2" points="146.89 118.9 123.95 140.85 157.94 174.84 181.1 151.67 146.89 118.9"/><path class="cls-2" d="M143.62,121.16l-17.77-17.77,22.82-22.81L120.15,52.06c-28-28-73.48-11.65-73.48-11.65S30.33,85.89,58.33,113.88L86.85,142.4l22.8-22.81,17.77,17.77Z"/><path class="cls-2" d="M64.3,58c-1.88,11.3-2.46,29.18,9.12,40.76l13.43,13.43"/><path class="cls-3" d="M169.52,163.25l-11.58,11.59-34-34,3.47-3.49-17.77-17.77L86.85,142.4,58.33,113.88c-28-28-11.66-73.47-11.66-73.47Z"/><path class="cls-4" d="M143.62,121.16l-17.77-17.77,22.82-22.81L120.15,52.06c-28-28-73.48-11.65-73.48-11.65S30.33,85.89,58.33,113.88L86.85,142.4l22.8-22.81,17.77,17.77Z"/><rect class="cls-5" x="136.14" y="122.23" width="32.76" height="48.06" transform="translate(363.8 141.83) rotate(135)"/><rect class="cls-4" x="136.14" y="122.23" width="32.76" height="48.06" transform="translate(363.8 141.83) rotate(135)"/><g class="cls-6"><path class="cls-4" d="M72.74,37.84,67.63,50.05a53.59,53.59,0,0,0-4,26.42c.86,7.93,3.57,16,9.84,22.32l13.43,13.43"/></g></svg>

After

Width:  |  Height:  |  Size: 1.6 KiB