-
Notifications
You must be signed in to change notification settings - Fork 21
32 lines (32 loc) · 1.22 KB
/
example-scan-image.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
name: Kubescape scanning for image vulnerabilities
on: [push, pull_request]
jobs:
kubescape-scan-image:
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
steps:
- uses: actions/checkout@v3
- uses: kubescape/github-action@main
continue-on-error: true
with:
image: quay.io/kubescape/kubescape:v3.0.3
format: sarif
outputFile: results.sarif
# severityThreshold: "critical"
# # Username for a private registry with the image
# # Username for the image registry account you use to retrieve and scan images
# registryUsername: ${{secrets.SCANNER_REGISTRY_USERNAME}}
# # Password for a private registry with the image
# registryPassword: ${{secrets.REGISTRY_PASSWORD}}
# # Fail at or above the specified vulnerability severity threshold
# Kubescape Portal credentials
# account: ${{secrets.KUBESCAPE_ACCOUNT}}
# accessKey: ${{secrets.KUBESCAPE_ACCESS_KEY}}
# server: ${{ vars.KUBESCAPE_SERVER }}
- name: Upload Kubescape scan results to Github Code Scanning
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: results.sarif