
updated the run commands for cli scanner #7

updated the run commands for cli scanner

updated the run commands for cli scanner #7

Workflow file for this run

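# CI pipeline: build the three voting-app images, scan each locally built
# image with the Sysdig CLI scanner, and push to Docker Hub only when the
# scan steps succeeded.
name: Build & Scan with Sysdig (Docker Hub)

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Read-only GITHUB_TOKEN; nothing in this job writes to the repository.
permissions:
  contents: read

jobs:
  build-and-scan:
    runs-on: ubuntu-latest
    env:
      REGISTRY: docker.io
      REPO: ${{ secrets.REGISTRY_USER }}
      # NOTE(review): this value is exported but the scan steps pass a
      # hard-coded endpoint to -a; confirm which one is intended.
      SYSDIG_SECURE_URL: ${{ secrets.SYSDIG_SECURE_URL }}
    steps:
      # NOTE(review): the actions below are referenced by mutable major-version
      # tags; pinning each to a full commit SHA prevents a retagged release
      # from changing what runs with this job's secrets.
      - name: Checkout source
        uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Log in to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.REGISTRY_USER }}
          password: ${{ secrets.REGISTRY_TOKEN }}

      # --- Build containers ---
      # The tags must match the names used by the scan and push steps; a
      # mismatch means the scan and push target an image this job never built.
      - name: Build vote image
        run: docker build -t "$REGISTRY/$REPO/examplevotingapp_vote:latest" ./vote

      - name: Build worker image
        run: docker build -t "$REGISTRY/$REPO/examplevotingapp_worker:latest" ./worker

      - name: Build result image
        run: docker build -t "$REGISTRY/$REPO/examplevotingapp_result:latest" ./result

      # --- Install Sysdig scanner ---
      # NOTE(review): the binary is fetched at whatever version is "latest" and
      # executed without an integrity check. Pin a reviewed version and verify
      # it against the vendor-published checksum before running it.
      - name: Install Sysdig CLI Scanner
        run: |
          set -euo pipefail
          # --fail makes an HTTP error abort the step instead of saving an
          # error page as the version string or as the scanner binary.
          LATEST_VERSION="$(curl -fsSL https://download.sysdig.com/scanning/sysdig-cli-scanner/latest_version.txt)"
          if [ -z "${LATEST_VERSION}" ]; then
            echo "could not determine sysdig-cli-scanner version" >&2
            exit 1
          fi
          curl -fsSL -o sysdig-cli-scanner "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/${LATEST_VERSION}/linux/amd64/sysdig-cli-scanner"
          chmod +x sysdig-cli-scanner
          sudo mv sysdig-cli-scanner /usr/local/bin/
          sysdig-cli-scanner --version

      # --- Scan images ---
      # docker:// scans the image just built in the local daemon. pull://
      # would fetch whatever is already published under that tag, so the
      # push gate below would not cover the freshly built image.
      # The token is scoped to the scan steps only and exported as
      # SECURE_API_TOKEN, the variable the scanner reads.
      - name: Scan vote image
        env:
          SECURE_API_TOKEN: ${{ secrets.SYSDIG_SECURE_TOKEN }}
        run: |
          sysdig-cli-scanner -a https://app.us4.sysdig.com/secure "docker://$REGISTRY/$REPO/examplevotingapp_vote:latest"

      - name: Scan worker image
        env:
          SECURE_API_TOKEN: ${{ secrets.SYSDIG_SECURE_TOKEN }}
        run: |
          sysdig-cli-scanner -a https://app.us4.sysdig.com/secure "docker://$REGISTRY/$REPO/examplevotingapp_worker:latest"

      - name: Scan result image
        env:
          SECURE_API_TOKEN: ${{ secrets.SYSDIG_SECURE_TOKEN }}
        run: |
          sysdig-cli-scanner -a https://app.us4.sysdig.com/secure "docker://$REGISTRY/$REPO/examplevotingapp_result:latest"

      # --- Optional: Push images to Docker Hub (only if scans passed) ---
      # A failed scan step stops the job before these steps run. The event
      # guard keeps pull-request builds from overwriting the published
      # :latest tags with unmerged code.
      - name: Push vote image
        if: github.event_name == 'push'
        run: docker push "$REGISTRY/$REPO/examplevotingapp_vote:latest"

      - name: Push worker image
        if: github.event_name == 'push'
        run: docker push "$REGISTRY/$REPO/examplevotingapp_worker:latest"

      - name: Push result image
        if: github.event_name == 'push'
        run: docker push "$REGISTRY/$REPO/examplevotingapp_result:latest"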