Skip to content

Feature #480

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
sukeshraja wants to merge 14 commits into
base: main
Choose a base branch
from
Open

Feature #480

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
9300558
adding sysdig yaml file
sukeshraja Mar 23, 2026
f3675d0
Adding sysdig scan images
sukeshraja Mar 23, 2026
f0e6e2e
Update sysdig-build.yaml
sukeshraja Mar 23, 2026
3a803de
Update sysdig-build.yaml
sukeshraja Mar 23, 2026
bb83ccb
Update sysdig-build.yaml
sukeshraja Mar 23, 2026
eb34d79
Update sysdig-build.yaml
sukeshraja Mar 23, 2026
c1009d1
Update sysdig-build.yaml
sukeshraja Mar 23, 2026
a90c50a
Update sysdig-build.yaml
sukeshraja Mar 23, 2026
fe19087
Update sysdig-build.yaml
sukeshraja Mar 23, 2026
658b2d1
Update sysdig-build.yaml
sukeshraja Mar 23, 2026
6f4b38b
Update sysdig-build.yaml
sukeshraja Mar 23, 2026
10cf7ae
adding Iac scanner
sukeshraja Mar 23, 2026
83cdbc5
updated vote deployment file
sukeshraja Mar 24, 2026
ebe925c
removed security context
sukeshraja Mar 24, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
62 changes: 62 additions & 0 deletions .github/workflows/sysdig-build.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,62 @@
name: Voting App

on:
push:
branches: main
pull_request:

jobs:
build-images:
runs-on: ubuntu-latest

steps:
- name: Checkout Repository
uses: actions/checkout@v4

- name: Download Sysdig CLI Scanner
run: |
curl -LO "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/$(curl -L -s https://download.sysdig.com/scanning/sysdig-cli-scanner/latest_version.txt)/linux/amd64/sysdig-cli-scanner"
chmod +x ./sysdig-cli-scanner

- name: Build Vote Image
run: docker build -t vote:${{ github.sha }} ./vote

- name: Scan vote image
env:
SECURE_API_TOKEN: ${{ secrets.SYSDIG_SECURE_TOKEN }}
run: |
./sysdig-cli-scanner --apiurl "${{ secrets.SYSDIG_SECURE_ENDPOINT }}" "docker://vote:${{ github.sha }}" || true

- name: Build Worker Image
run: docker build -t worker:${{ github.sha }} ./worker

- name: Scan Worker Image
env:
SECURE_API_TOKEN: ${{ secrets.SYSDIG_SECURE_TOKEN }}
run: |
./sysdig-cli-scanner --apiurl "${{ secrets.SYSDIG_SECURE_ENDPOINT }}" "docker://worker:${{ github.sha }}" || true

# - name: Scan Worker image
# uses: sysdiglabs/scan-action@v6
# with:
# image-tag: worker:${{ github.sha }}
# sysdig-secure-token: ${{ secrets.SYSDIG_SECURE_TOKEN }}
# secure-api-token: ${{ secrets.SYSDIG_SECURE_TOKEN }}

- name: Build Result Image
run: docker build -t result:${{ github.sha }} ./result

- name: Scan Result image
env:
SECURE_API_TOKEN: ${{ secrets.SYSDIG_SECURE_TOKEN }}
run: |
./sysdig-cli-scanner --apiurl "${{ secrets.SYSDIG_SECURE_ENDPOINT }}" "docker://result:${{ github.sha }}" || true

- name: Show Built Images
run: docker images

- name: Scan Kubernetes manifests with Sysdig IaC
env:
SECURE_API_TOKEN: ${{ secrets.SYSDIG_SECURE_TOKEN }}
run: |
./sysdig-cli-scanner --iac --apiurl "${{ secrets.SYSDIG_SECURE_ENDPOINT }}" ./k8s-specifications || true
2 changes: 2 additions & 0 deletions k8s-specifications/vote-deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,3 +20,5 @@ spec:
ports:
- containerPort: 80
name: vote
# securityContext:
# privileged: true