feat: update scanner version to 1.13.0 (#56)

tembleking · web-flow · commit c4f49392fc52 · 2024-07-29T14:57:51.000+02:00
diff --git a/.github/workflows/ci-scan.yaml b/.github/workflows/ci-scan.yaml
@@ -77,6 +77,44 @@ jobs:
             echo "Scan failed as expected."
           fi
 
+  scan-with-old-scanner-version:
+    runs-on: ubuntu-latest
+
+    steps:
+      # This step checks out a copy of your repository.
+      - name: Check out repository
+        uses: actions/checkout@v4
+
+      - name: Scan dummy-vuln-app from registry
+        id: scan
+        uses: ./
+        continue-on-error: true
+        with:
+          # Old scanner version
+          cli-scanner-version: 1.8.1
+          # Tag of the image to analyse
+          image-tag: sysdiglabs/dummy-vuln-app:latest
+          # API token for Sysdig Scanning auth
+          sysdig-secure-token: ${{ secrets.KUBELAB_SECURE_API_TOKEN }}
+          stop-on-failed-policy-eval: true
+          stop-on-processing-error: true
+          severity-at-least: medium
+
+      - name: Upload SARIF file
+        if: success() || failure() # Upload results regardless previous step fails
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: ${{ github.workspace }}/sarif.json
+
+      - name: Check that the scan has failed
+        run: |
+          if [ "${{ steps.scan.outcome }}" == "success" ]; then
+            echo "Scan succeeded but the step should fail."
+            exit 1
+          else
+            echo "Scan failed as expected."
+          fi
+
   standalone-scan-from-registry:
     runs-on: ubuntu-latest
 
diff --git a/action.yml b/action.yml
@@ -3,11 +3,10 @@ description: 'Perform image analysis on locally built container image and post t
 inputs:
   cli-scanner-url:
     description: URL to sysdig-cli-scanner binary download
-    default: https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/1.8.1/linux/amd64/sysdig-cli-scanner
     required: false
   cli-scanner-version:
     description: Custom sysdig-cli-scanner version to download
-    default: "1.8.1"
+    default: "1.13.0"
     required: false
   registry-user:
     description: Registry username.
