Skip to content
shield

GitHub Action

AccuKnox Container Scan

v0.0.1 Latest version

AccuKnox Container Scan

shield

AccuKnox Container Scan

Scan Docker images using AccuKnox and push the results to the CSPM panel

Installation

Copy and paste the following snippet into your .yml file.

              

- name: AccuKnox Container Scan

uses: accuknox/[email protected]

Learn more about this action in accuknox/container-scan-action

Choose a version

Automate Container Image Security Scanning with AccuKnox GitHub Action

Learn More

Input Values Description Optional/Required Default Values
dockerfile_context The context of the Dockerfile to use for building the image. Optional Dockerfile
endpoint The URL of the CSPM panel to push the scan results to. Optional cspm.demo.accuknox.com
token The token for authenticating with the CSPM panel. Required -
tenant_id The ID of the tenant associated with the CSPM panel. Required -
repository_name Docker image repository name. Required -
tag Add version tag to the repository. Optional ${{ github.run_id }}
severity Allows selection of severity level for the scan. Options include UNKNOWN, LOW, MEDIUM, HIGH, CRITICAL. Optional UNKNOWN, LOW, MEDIUM, HIGH, CRITICAL
exit_code Specifies pipeline behavior upon detecting specified severity level. '0' (continue) or '1' (halt). Optional 0
label The label created in AccuKnox SaaS for associating scan results. Required -

Usage

Steps for using Install-action in a workflow yaml file

  • Checkout into the repo using checkout action.
  • Utilize the accuknox/container-scan-action repository with version tag v0.0.1.

Token Generation from Accuknox SaaS and Viewing Tenant ID

Navigate to Tokens within the Settings section in the sidebar: 1

Click on Create Token: After clicking on 'Create Token,' the Tenant ID will be visible. 2

Click on Generate: 3

workflow steps:

 - name: Run AccuKnox CSPM Scan
        uses: accuknox/[email protected]
        with:
          token:
          tenant_id:                       #Required
          repository_name:                 #Required
          label:                           #Required
          endpoint:                        #Optional
          tag:                             #Optional
          exit_code:                       #Optional
          severity:                        #Optional
          dockerfile_context:              #Optional

Minimalist Sample Configuration

name: AccuKnox Scan Workflow

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

jobs:
  accuknox-cicd:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@main

      - name: Run AccuKnox CSPM Scan
        uses: accuknox/[email protected]
        with:
          token: ${{ secrets.TOKEN }}
          tenant_id: ${{ secrets.TENANT_ID }}
          repository_name: ${{ github.repository }}
          label: ${{ secrets.LABEL }}