refactor: use Dockefile rather than a built image

Signed-off-by: Salim Afiune Maya <afiune@lacework.net>
lacework · Jun 21, 2022 · 6aaaf91 · 6aaaf91
1 parent 15f4115
commit 6aaaf91
Show file tree

Hide file tree

Showing 7 changed files with 25 additions and 26 deletions.
diff --git a/.github/workflows/test-action-blocked-disable-library.yaml b/.github/workflows/test-action-blocked-disable-library.yaml
@@ -13,7 +13,7 @@ jobs:
         uses: actions/checkout@v2
 
       - name: Pull Docker image
-        run: docker image pull ghcr.io/timarenz/vulnerable-container:v0.0.1
+        run: docker image pull techallylw/vulnerable-container:v0.0.1
 
       - name: Build lw-scanner action container image
         uses: docker/build-push-action@v2
@@ -30,7 +30,7 @@ jobs:
         with:
           LW_ACCOUNT_NAME: ${{ secrets.LW_ACCOUNT_NAME }}
           LW_ACCESS_TOKEN: ${{ secrets.LW_ACCESS_TOKEN_POLICY }}
-          IMAGE_NAME: ghcr.io/timarenz/vulnerable-container
+          IMAGE_NAME: techallylw/vulnerable-container
           IMAGE_TAG: v0.0.1
           SCAN_LIBRARY_PACKAGES: false
 

diff --git a/.github/workflows/test-action-blocked.yaml b/.github/workflows/test-action-blocked.yaml
@@ -13,7 +13,7 @@ jobs:
         uses: actions/checkout@v2
 
       - name: Pull Docker image
-        run: docker image pull ghcr.io/timarenz/vulnerable-container:v0.0.1
+        run: docker image pull techallylw/vulnerable-container:v0.0.1
 
       - name: Build lw-scanner action container image
         uses: docker/build-push-action@v2
@@ -30,7 +30,7 @@ jobs:
         with:
           LW_ACCOUNT_NAME: ${{ secrets.LW_ACCOUNT_NAME }}
           LW_ACCESS_TOKEN: ${{ secrets.LW_ACCESS_TOKEN_POLICY }}
-          IMAGE_NAME: ghcr.io/timarenz/vulnerable-container
+          IMAGE_NAME: techallylw/vulnerable-container
           IMAGE_TAG: v0.0.1
 
       - name: Check if vulnerabilites were found and step failed.

diff --git a/.github/workflows/test-action-report.yaml b/.github/workflows/test-action-report.yaml
@@ -13,7 +13,7 @@ jobs:
         uses: actions/checkout@v2
 
       - name: Pull Docker image
-        run: docker image pull ghcr.io/timarenz/vulnerable-container:v0.0.1
+        run: docker image pull techallylw/vulnerable-container:v0.0.1
 
       - name: Build lw-scanner action container image
         uses: docker/build-push-action@v2
@@ -29,7 +29,7 @@ jobs:
         with:
           LW_ACCOUNT_NAME: ${{ secrets.LW_ACCOUNT_NAME }}
           LW_ACCESS_TOKEN: ${{ secrets.LW_ACCESS_TOKEN }}
-          IMAGE_NAME: ghcr.io/timarenz/vulnerable-container
+          IMAGE_NAME: techallylw/vulnerable-container
           IMAGE_TAG: v0.0.1
           SAVE_BUILD_REPORT: true
           BUILD_REPORT_FILE_NAME: report.html
diff --git a/DEVELOPER_GUIDELINES.MD b/DEVELOPER_GUIDELINES.MD
@@ -66,4 +66,4 @@ The body should contain a longer description of the change, try not to repeat th
 Put as much context as you think it is needed, don’t be shy and explain your thought process, limitations, ideas for new features or fixes, etc.
 
 ### Footer
-The footer is used to reference issues, pull requests or breaking changes, for example, "Fixes ticket #123".
+The footer is used to reference issues, pull requests or breaking changes, for example, "Fixes ticket #123".
diff --git a/README.md b/README.md
@@ -11,30 +11,30 @@ Github Action for using the Lacework Inline image scanner in workflows
 To add the scanner to your workflow:
 
 ```yaml
-- uses: lacework/lw-scanner-action@v0.6.0
-  name: Scan container images for vulnerabitilies using Lacework
+- uses: lacework/lw-scanner-action@v1.0.0
+  name: Scan container image for vulnerabitilies using Lacework
   with:
     LW_ACCOUNT_NAME: ${{ secrets.LW_ACCOUNT_NAME }} 
     LW_ACCESS_TOKEN: ${{ secrets.LW_ACCESS_TOKEN }}
-    IMAGE_NAME: ghcr.io/timarenz/vulnerable-container
+    IMAGE_NAME: techallylw/vulnerable-container
     IMAGE_TAG: v0.0.1
 ```
 
 Options:
 
-| Option | Description | Default |
-| - | - | - |
-| `LW_ACCOUNT_NAME` | Your Lacework account name (see [docs](https://docs.lacework.com/integrate-inline-scanner#configure-authentication-using-environment-variables))| |
-| `LW_ACCESS_TOKEN` | Authorization token (see [docs](https://docs.lacework.com/integrate-inline-scanner#obtain-the-inline-scanner-and-authorization-token))| |
-| `IMAGE_NAME` | Name of the container to be scanned, for example `node` | |
-| `IMAGE_TAG` | Tag of the container image you want to scan, for example `12.18.2-alpine` | |
-| `SCAN_LIBRARY_PACKAGES` | Also scan software packages (Default: true) | true |
-| `SAVE_RESULTS_IN_LACEWORK` | Save results to Lacework | true |
-| `SAVE_BUILD_REPORT` | Saves the evaluation report as a local HTML file. | false | 
-| `BUILD_REPORT_FILE_NAME` | Specify custom file name for the HTML evalutation report | <OS_TYPE>-<IMAGE_DIGEST_SHA256>.html |
-| `FAIL_BUILD` | Fail the build of vulnerabilities are discovered according to the threshold | true |
-| `SEVERITY_THRESHOLD` | Severity threshold that will fail the build: info, low, medium, high, critical, fixable | medium |
-| `USE_POLICY` | Use the Lacework policy managed feature (beta). If enabled this overwrites `FAIL_BUILD`and `SEVERITY_THRESHOLD` | false |
+| Option                     | Description                                                                                                                                      | Default                                |
+|----------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------|
+| `LW_ACCOUNT_NAME`          | Your Lacework account name (see [docs](https://docs.lacework.com/integrate-inline-scanner#configure-authentication-using-environment-variables)) |                                        |
+| `LW_ACCESS_TOKEN`          | Authorization token (see [docs](https://docs.lacework.com/integrate-inline-scanner#obtain-the-inline-scanner-and-authorization-token))           |                                        |
+| `IMAGE_NAME`               | Name of the container to be scanned, for example `node`                                                                                          |                                        |
+| `IMAGE_TAG`                | Tag of the container image you want to scan, for example `12.18.2-alpine`                                                                        |                                        |
+| `SCAN_LIBRARY_PACKAGES`    | Also scan software packages                                                                                                                      | `true`                                 |
+| `SAVE_RESULTS_IN_LACEWORK` | Save results to your Lacework account                                                                                                            | `true`                                 |
+| `SAVE_BUILD_REPORT`        | Saves the evaluation report as a local HTML file.                                                                                                | false                                  |
+| `BUILD_REPORT_FILE_NAME`   | Specify custom file name for the HTML evalutation report                                                                                         | `<OS_TYPE>-<IMAGE_DIGEST_SHA256>.html` |
+| `FAIL_BUILD`               | Fail the build of vulnerabilities are discovered according to the threshold                                                                      | `true`                                 |
+| `SEVERITY_THRESHOLD`       | Severity threshold that will fail the build: info, low, medium, high, critical, fixable                                                          | `medium`                               |
+| `USE_POLICY`               | Use the Lacework policy managed feature (beta). If enabled, this overwrites `FAIL_BUILD`and `SEVERITY_THRESHOLD`                                 | `false`                                |
 
 ## Example
 
@@ -47,7 +47,7 @@ jobs:
               with:
                 LW_ACCOUNT_NAME: ${{ secrets.LW_ACCOUNT_NAME }} 
                 LW_ACCESS_TOKEN: ${{ secrets.LW_ACCESS_TOKEN }}
-                IMAGE_NAME: ghcr.io/timarenz/vulnerable-container
+                IMAGE_NAME: techallylw/vulnerable-container
                 IMAGE_TAG: v0.0.1
                 SAVE_RESULTS_IN_LACEWORK: true
                 SAVE_BUILD_REPORT: true

diff --git a/action.yaml b/action.yaml
@@ -31,7 +31,7 @@ inputs:
     required: false
 runs:
   using: "docker"
-  image: "docker://lacework/lw-scanner-action:latest"
+  image: "Dokerfile"
   args:
     - ${{ inputs.LW_ACCOUNT_NAME }}
     - ${{ inputs.LW_ACCESS_TOKEN }}

diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
@@ -27,4 +27,3 @@ rm ${GITHUB_WORKSPACE}/evaluations/${INPUT_IMAGE_NAME}/${INPUT_IMAGE_TAG}/evalua
 # Run scanner
 /opt/lacework/lw-scanner image evaluate ${INPUT_IMAGE_NAME} ${INPUT_IMAGE_TAG} --build-plan ${GITHUB_REPOSITORY} \
   --build-id ${GITHUB_RUN_ID} --data-directory ${GITHUB_WORKSPACE}  --policy --fail-on-violation-exit-code 1 ${SCANNER_PARAMETERS}
-
Original file line number	Diff line number	Diff line change
Expand Up		@@ -27,4 +27,3 @@ rm ${GITHUB_WORKSPACE}/evaluations/${INPUT_IMAGE_NAME}/${INPUT_IMAGE_TAG}/evalua
		# Run scanner
		/opt/lacework/lw-scanner image evaluate ${INPUT_IMAGE_NAME} ${INPUT_IMAGE_TAG} --build-plan ${GITHUB_REPOSITORY} \
		--build-id ${GITHUB_RUN_ID} --data-directory ${GITHUB_WORKSPACE} --policy --fail-on-violation-exit-code 1 ${SCANNER_PARAMETERS}