https://github.com/sysdiglabs/secure-inline-scan
Last synced: 6 months ago
- Host: GitHub
- URL: https://github.com/sysdiglabs/secure-inline-scan
- Owner: sysdiglabs
- License: apache-2.0
- Created: 2019-09-25T23:54:32.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2023-02-22T10:04:22.000Z (about 2 years ago)
- Last Synced: 2023-03-09T00:41:18.792Z (about 2 years ago)
- Language: Shell
- Size: 250 KB
- Stars: 18
- Watchers: 14
- Forks: 11
- Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE
README
| :warning: This scanner is legacy. To work with the new scanner please go to the right [repository](https://github.com/sysdiglabs/secure-inline-scan-examples) or check the [documentation](https://docs.sysdig.com/en/docs/sysdig-secure/vulnerabilities/pipeline/) |
| --- |

# Sysdig inline scan
> **_WARNING:_** This repository contains the deprecated inline-scan script V1
>
> Sysdig Inline Scan V2 is the recommended version for this old engine.
>
> Check https://docs.sysdig.com/en/integrate-with-ci-cd-tools.html for more information about the old engine (2022)
>
> Check https://docs.sysdig.com/en/docs/sysdig-secure/vulnerabilities/pipeline for more about the new engine (2023)

## Note about older version (1.x)
[Sysdig inline scan V1](v1.md) is still available, but not supported. V1 runs as a script and requires a working Docker environment (binaries and daemon), or it can run as a container with the Docker socket mounted inside the container.
## Migrating to V2
If running the inline-scan via container:
```
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock sysdiglabs/secure-inline-scan analyze ...
```
migration to the new version requires changing the image name to `quay.io/sysdig/secure-inline-scan:2`, adding the `--storage-type=docker-daemon` parameter, and removing the `analyze` option:
```
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock quay.io/sysdig/secure-inline-scan:2 ... --storage-type=docker-daemon
```
Depending on the `docker.sock` permissions, you might need to run as root (adding `-u` to the `docker run` command) or adjust the permissions on the Docker socket.
If you are executing the script as:
```
inline_scan.sh ...
```
then you will need to execute the inline-scanner as a container instead, as described previously.
### Breaking changes
* **Execution mode**: The inline scan is now executed in a different way. You need to run the container directly instead of using the old `inline_scan.sh` wrapper script. This means that you might need to adapt your automations or pipelines to migrate to inline-scan v2.
* **TLS verification**: Starting from version 2, you need to explicitly pass `--sysdig-skip-tls` if targeting an on-prem installation with a non-verifiable certificate.
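
As an added example (not part of the Sysdig repository), the following shell function scans a pipeline file for invocations affected by the migration steps and breaking changes above. The function names, finding codes and sample commands are assumptions constructed for illustration, and each invocation is assumed to sit on one line.

```shell
#!/bin/sh
# Added example: flag inline-scan invocations in a pipeline file that still
# need migrating. Finding codes are this example's own names, not Sysdig's.
# Assumes each invocation sits on one physical line (no "\" continuations).
audit_inline_scan() {
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        # Old wrapper script: must be replaced by running the container.
        case $line in
            *inline_scan.sh*) echo "$n:LEGACY_SCRIPT" ;;
        esac
        case $line in
            *quay.io/sysdig/secure-inline-scan:2*)
                # V2 no longer takes the `analyze` option.
                case $line in
                    *" analyze "*|*" analyze") echo "$n:LEGACY_ANALYZE" ;;
                esac
                # Docker socket mounted but --storage-type=docker-daemon missing.
                case $line in
                    *--storage-type=docker-daemon*) ;;
                    *docker.sock*) echo "$n:NO_STORAGE_TYPE" ;;
                esac ;;
            # Any other reference to the V1 image name.
            *sysdiglabs/secure-inline-scan*) echo "$n:LEGACY_IMAGE" ;;
        esac
        # Certificate verification explicitly disabled: review each use.
        case $line in
            *--sysdig-skip-tls*) echo "$n:TLS_SKIPPED" ;;
        esac
    done < "$1"
}

# Constructed sample pipeline commands (example/app:1.0 is a placeholder image).
sample_pipeline() {
    cat <<'EOF'
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock sysdiglabs/secure-inline-scan analyze example/app:1.0
inline_scan.sh example/app:1.0
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock quay.io/sysdig/secure-inline-scan:2 example/app:1.0
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock quay.io/sysdig/secure-inline-scan:2 example/app:1.0 --storage-type=docker-daemon --sysdig-skip-tls
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock quay.io/sysdig/secure-inline-scan:2 example/app:1.0 --storage-type=docker-daemon
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock quay.io/sysdig/secure-inline-scan:2 analyze example/app:1.0 --storage-type=docker-daemon
EOF
}

tmp=$(mktemp)
sample_pipeline > "$tmp"
audit_inline_scan "$tmp"
rm -f "$tmp"
```

Each output line is `LINE:CODE`; the fifth sample command is a fully migrated invocation and produces no finding.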
----