In this demo we will use GitHub Actions to build, scan and push a container image.
The workflow is based on the sysdiglabs/dummy-vuln-app application and uses the Sysdiglabs/scan-action GitHub action to scan it.
The workflow is as follows:
- Build the container image and store it locally
- Perform the scan using the Sysdiglabs/scan-action
- Upload a SARIF report
A repository secret must be created to hold the Sysdig Secure API token the action authenticates with:
SYSDIG_SECURE_TOKEN: Sysdig Token
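An added example workflow wiring the three steps above to that secret (this is illustrative code, not the demo repository's own workflow file). It assumes a Dockerfile at the repository root, the scan-action v3 inputs `input-type`/`run-as-user` and its `sarifReport` output; the push step is left out because the step list above ends at the SARIF upload.

```yaml
# Added example: build locally, scan with sysdiglabs/scan-action, upload SARIF.
# Assumes the v3 release of the action (inputs input-type, run-as-user; output sarifReport).
name: build-scan

on:
  push:
    branches: [main]
  pull_request:

permissions:
  contents: read
  security-events: write   # needed by upload-sarif to write to Code Scanning

jobs:
  build-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # 1. Build the image and keep it only in the runner's Docker daemon
      - name: Build the container image
        run: docker build . --file Dockerfile --tag dummy-vuln-app:${{ github.sha }}

      # 2. Scan the local image; docker-daemon input reads it without a pull,
      #    and run-as-user: root is what the action needs to reach the daemon socket
      - name: Scan image with Sysdig Secure
        id: scan
        uses: sysdiglabs/scan-action@v3
        with:
          image-tag: dummy-vuln-app:${{ github.sha }}
          sysdig-secure-token: ${{ secrets.SYSDIG_SECURE_TOKEN }}
          input-type: docker-daemon
          run-as-user: root
          # ignore-failed-scan defaults to false, so a failed policy evaluation
          # fails this step and blocks any later step that is not gated on always()

      # 3. Upload the SARIF even when the scan failed, so findings reach Code Scanning
      - name: Upload SARIF report
        if: always()
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: ${{ steps.scan.outputs.sarifReport }}
```

Because the scan step fails the job on a policy violation, a subsequent push step without `if: always()` only runs for images that passed the scan.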