Skip to content

Commit

Permalink
feat: update scanner version to 1.13.0 (#56)
Browse files Browse the repository at this point in the history
  • Loading branch information
tembleking authored Jul 29, 2024
1 parent f9727e9 commit c4f4939
Show file tree
Hide file tree
Showing 2 changed files with 39 additions and 2 deletions.
38 changes: 38 additions & 0 deletions .github/workflows/ci-scan.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -77,6 +77,44 @@ jobs:
echo "Scan failed as expected."
fi
scan-with-old-scanner-version:
runs-on: ubuntu-latest

steps:
# This step checks out a copy of your repository.
- name: Check out repository
uses: actions/checkout@v4

- name: Scan dummy-vuln-app from registry
id: scan
uses: ./
continue-on-error: true
with:
# Old scanner version
cli-scanner-version: 1.8.1
# Tag of the image to analyse
image-tag: sysdiglabs/dummy-vuln-app:latest
# API token for Sysdig Scanning auth
sysdig-secure-token: ${{ secrets.KUBELAB_SECURE_API_TOKEN }}
stop-on-failed-policy-eval: true
stop-on-processing-error: true
severity-at-least: medium

- name: Upload SARIF file
if: success() || failure() # Upload results regardless previous step fails
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: ${{ github.workspace }}/sarif.json

- name: Check that the scan has failed
run: |
if [ "${{ steps.scan.outcome }}" == "success" ]; then
echo "Scan succeeded but the step should fail."
exit 1
else
echo "Scan failed as expected."
fi
standalone-scan-from-registry:
runs-on: ubuntu-latest

Expand Down
3 changes: 1 addition & 2 deletions action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -3,11 +3,10 @@ description: 'Perform image analysis on locally built container image and post t
inputs:
cli-scanner-url:
description: URL to sysdig-cli-scanner binary download
default: https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/1.8.1/linux/amd64/sysdig-cli-scanner
required: false
cli-scanner-version:
description: Custom sysdig-cli-scanner version to download
default: "1.8.1"
default: "1.13.0"
required: false
registry-user:
description: Registry username.
Expand Down

0 comments on commit c4f4939

Please sign in to comment.