Commit 4db4dad

DeepDiver1975 and claude committed
feat: add Orca Security container image scanning
Add Orca Security scanning step alongside existing Trivy scan in the Docker build workflow, using orcasecurity/shiftleft-container-image-action@v1.0.6.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
1 parent 60bacee commit 4db4dad

2 files changed

Lines changed: 15 additions & 0 deletions

.github/workflows/docker-build.yml

Lines changed: 13 additions & 0 deletions
@@ -30,11 +30,16 @@ on:
3030
required: false
3131
type: string
3232
default: ""
33+
orca-security-project-key:
34+
required: true
35+
type: string
3336
secrets:
3437
docker-hub-password:
3538
required: true
3639
docker-secrets:
3740
required: false
41+
orca-security-api-token:
42+
required: true
3843

3944
jobs:
4045
build:
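
Review bot: `orca-security-project-key` and `orca-security-api-token` are both declared `required: true`, while the input just above them is optional with `default: ""`, so every existing caller of this workflow stops validating until it passes both values. Consider `required: false` with the scan step skipped when the token is not supplied, and add a `description:` to each new entry so callers know what the project key and the token are for.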
@@ -77,6 +82,14 @@ jobs:
7782
exit-code: 1
7883
trivyignores: ${{ inputs.trivy-ignore-files }}
7984

85+
- name: Orca Security scan
86+
uses: orcasecurity/shiftleft-container-image-action@9cceca839ca144e6bb160a1d974d0656bcf71f22 # v1.0.6
87+
with:
88+
api_token: ${{ secrets.orca-security-api-token }}
89+
project_key: ${{ inputs.orca-security-project-key }}
90+
image: registry:5000/image:temp
91+
exit_code: "1"
92+
8093
- name: Set publish tags
8194
if: ${{ inputs.push }}
8295
id: tags
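
Review bot: the new `Orca Security scan` step has no `if:` guard and sets `exit_code: "1"`, so it runs on every invocation and blocks `Set publish tags` whenever the scan fails, including runs where `secrets.orca-security-api-token` resolves to an empty string, as it does for pull requests from forks. Add a guard (step-level `if:` cannot read `secrets` directly, so expose the token through `env:` and test that), or state explicitly that such runs are meant to fail. The preceding Trivy step also uses `exit-code: 1`, so a Trivy failure ends the job before Orca runs and the two scanners never report on the same failing image; if both reports are wanted, give this step its own condition. Pinning the action to the full commit SHA with the `# v1.0.6` comment is good and should stay.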

.github/workflows/main.yml

Lines changed: 2 additions & 0 deletions
@@ -22,8 +22,10 @@ jobs:
2222
docker-file: v${{ matrix.version.value }}/Dockerfile.multiarch
2323
docker-hub-username: ${{ vars.DOCKERHUB_USERNAME }}
2424
push: ${{ github.ref == 'refs/heads/master' }}
25+
orca-security-project-key: ${{ vars.ORCA_SECURITY_PROJECT_KEY }}
2526
secrets:
2627
docker-hub-password: ${{ secrets.DOCKERHUB_TOKEN }}
28+
orca-security-api-token: ${{ secrets.ORCA_SECURITY_API_TOKEN }}
2729

2830
strategy:
2931
matrix:
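
Review bot: `vars.ORCA_SECURITY_PROJECT_KEY` and `secrets.ORCA_SECURITY_API_TOKEN` must exist in the repository or organisation settings before this merges, and nothing in the commit documents them. The `push:` expression in the same `with:` block shows this job also runs for refs other than `master`; on runs where the secret is unavailable, such as fork pull requests, the caller hands an empty token to a workflow that now declares it required. Document the two settings alongside `DOCKERHUB_USERNAME` and `DOCKERHUB_TOKEN`, and say what those runs are expected to do.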
