Update aquasec-scanner-cli.yml #14
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Scan with Aquasec Docker Scanner | |
| on: | |
| push: | |
| branches: [ "main" ] | |
| pull_request: | |
| branches: [ "main" ] | |
| env: | |
| # Registry name as configured in Aqua integrations | |
| IMAGE_REGISTRY: "dh-az-1" | |
| SCANNER_VERSION: "2405.22.9" | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Build the Docker image | |
| run: docker build . --file Dockerfile --tag my-demo-image:${{ github.sha }} | |
| # This step can be replaced pulling the scanner from a local registry | |
| - name: Docker login Aqua Registry | |
| run: docker login registry.aquasec.com -u ${{ secrets.AQUAREG_USER }} -p ${{ secrets.AQUAREG_PSWD }} | |
| - name: Tag image with Registry | |
| run: docker tag my-demo-image:${{ github.sha }} $IMAGE_REGISTRY/my-demo-image:${{ github.sha }} | |
| # Scanner authenticates to the server (-H) using a token (-A) but this can be replaced with user and password auth | |
| # image is registered if found compliant (--register-compliant) as belonging to the final registry (--registry). | |
| # the --local flag indicates a locally built image not available in the registry yet | |
| - name: Scan image | |
| run: docker run --rm -v /var/run/docker.sock:/var/run/docker.sock registry.aquasec.com/scanner:$SCANNER_VERSION scan -H ${{ secrets.AQUA_SERVER }} -n -A ${{ secrets.TOKEN }} --local --text --register-compliant --registry $IMAGE_REGISTRY my-demo-image:${{ github.sha }} | |
| - name: Push to Registry | |
| run: echo "docker push" |