Skip to content
Compare
Choose a tag to compare
@bluesentinelsec bluesentinelsec released this 26 Nov 18:41
8c2d4d7

This release adds support for scanning multi-arch container images.

To use this feature, specify the OS and CPU platform matching the image you wish to scan by adding the platform argument to your workflows, as shown below:

      - name: Scan built image with Inspector
        uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1
        id: inspector
        with:
          artifact_type: 'container'
          artifact_path: 'alpine:latest'
          ...
          platform: "linux/arm64/v8"
          sbomgen_version: "latest"

If platform is unspecified, this action will default to the OS/CPU platform that matches the GitHub Actions runner.

⚠️ This workflow requires inspector-sbomgen versions greater than or equal to 1.5.2.