We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
1 parent 7d66092 commit 2b32b6dCopy full SHA for 2b32b6d
1 file changed
.github/workflows/iac-scan.yaml
@@ -0,0 +1,26 @@
1
+name: IaC Scan
2
+
3
+on:
4
+ pull_request:
5
+ branches: [ main ]
6
7
+jobs:
8
+ iac-scan:
9
+ runs-on: ubuntu-latest
10
+ steps:
11
+ - name: Checkout code
12
+ uses: actions/checkout@v4
13
14
+ - name: Install Sysdig CLI Scanner
15
+ run: |
16
+ LATEST_VERSION=$(curl -s https://download.sysdig.com/scanning/sysdig-cli-scanner/latest_version.txt)
17
+ curl -Lo sysdig-cli-scanner "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/${LATEST_VERSION}/linux/amd64/sysdig-cli-scanner"
18
+ chmod +x sysdig-cli-scanner
19
+ sudo mv sysdig-cli-scanner /usr/local/bin/
20
+ sysdig-cli-scanner --version
21
22
+ - name: IaC scan
23
+ env:
24
+ SECURE_API_TOKEN: ${{ secrets.SYSDIG_SECURE_TOKEN }}
25
26
+ sysdig-cli-scanner --iac -r -f H --apiurl ${{ secrets.SYSDIG_SECURE_URL }} .
0 commit comments