Automate Container Image Security Scanning with AccuKnox GitHub Action


| Input Values | Description | Optional/Required | Default Values |
|---|---|---|---|
| dockerfile_context | The context of the Dockerfile to use for building the image. | Optional | Dockerfile |
| endpoint | The URL of the CSPM panel to push the scan results to. | Optional | cspm.demo.accuknox.com |
| token | The token for authenticating with the CSPM panel. | Required | - |
| tenant_id | The ID of the tenant associated with the CSPM panel. | Required | - |
| repository_name | Docker image repository name. | Required | - |
| tag | Add version tag to the repository. | Optional | ${{ github.run_id }} |
| severity | Allows selection of severity level for the scan. Options include UNKNOWN, LOW, MEDIUM, HIGH, CRITICAL. | Optional | UNKNOWN, LOW, MEDIUM, HIGH, CRITICAL |
| exit_code | Specifies pipeline behavior upon detecting specified severity level. '0' (continue) or '1' (halt). | Optional | 0 |
| label | The label created in AccuKnox SaaS for associating scan results. | Required | - |

Usage

Steps for using Install-action in a workflow yaml file

  • Checkout into the repo using checkout action.
  • Utilize the accuknox/container-scan-action repository with version tag v0.0.1.

Token Generation from Accuknox SaaS and Viewing Tenant ID

Navigate to Tokens within the Settings section in the sidebar.

Click on Create Token: After clicking on 'Create Token,' the Tenant ID will be visible.

Click on Generate.

workflow steps:

      - name: Run AccuKnox CSPM Scan
        uses: accuknox/container-scan-action@v0.0.1
        with:
          token:                           #Required
          tenant_id:                       #Required
          repository_name:                 #Required
          label:                           #Required
          endpoint:                        #Optional
          tag:                             #Optional
          exit_code:                       #Optional
          severity:                        #Optional
          dockerfile_context:              #Optional

Minimalist Sample Configuration

name: AccuKnox Scan Workflow

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

jobs:
  accuknox-cicd:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@main

      - name: Run AccuKnox CSPM Scan
        uses: accuknox/container-scan-action@v0.0.1
        with:
          token: ${{ secrets.TOKEN }}
          tenant_id: ${{ secrets.TENANT_ID }}
          repository_name: ${{ github.repository }}
          label: ${{ secrets.LABEL }}
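
A stricter variant of the sample above, as an added example that is not part of the AccuKnox README: it sets exit_code to 1 so findings halt the pipeline instead of only being reported, narrows severity, and sets endpoint explicitly. The severity value format, the endpoint placeholder, the permissions block and the checkout version tag are assumptions, not taken from the README.

```yaml
# Added example, not from the AccuKnox README: gate the build on scan findings.
name: AccuKnox Scan Gate

on:
  pull_request:
    branches:
      - main

# Least privilege for the job's GITHUB_TOKEN: the scan only needs to read the repo.
permissions:
  contents: read

jobs:
  accuknox-cicd:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        # Release tag instead of the moving main branch used in the sample above.
        uses: actions/checkout@v4

      - name: Run AccuKnox CSPM Scan
        uses: accuknox/container-scan-action@v0.0.1
        with:
          token: ${{ secrets.TOKEN }}
          tenant_id: ${{ secrets.TENANT_ID }}
          repository_name: ${{ github.repository }}
          label: ${{ secrets.LABEL }}
          # Default is 0 (continue): findings are reported but the job stays green.
          # 1 halts the pipeline when a finding at the selected severity is detected.
          exit_code: 1
          # Assumed value format (comma-separated list); the README only lists the options.
          severity: HIGH,CRITICAL
          # Set explicitly; when omitted, results go to the default cspm.demo.accuknox.com.
          endpoint: cspm.example.com   # placeholder, replace with your panel's host
```

Workflows triggered by pull_request from a fork do not receive repository secrets, so token, tenant_id and label will be empty on those runs.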