CrowdStrike Container Image Scan
ActionsTags
(2)Verified
Warning
DEPRECATED: This action is deprecated and no longer maintained. Please migrate to the official CrowdStrike container scanning action: CrowdStrike/fcs-action
- Have a CrowdStrike Container Workload Protection (CWP) subscription
- Create an OAUTH2 secret at https://falcon.crowdstrike.com/support/api-clients-and-keys
- Add your OAUTH2 secret called
FALCON_CLIENT_SECRETto a GitHub secret athttps://github.com/<your_org>/<your_repo>/settings/secrets/actions - Create a workflow
.ymlfile in your.github/workflowsdirectory. An example workflow is available below. For more information, reference the GitHub Help Documentation for Creating a workflow file
falcon_client_id: Your CrowdStrike OAUTH2 Client IDcontainer_repository: The container image to scan (e.g.my_imageormyregistry.io/my_container)container_tag: The container tag to scan against (default:latest)crowdstrike_region: The CrowdStrike Cloud region to submit for scanning (default:us-1)crowdstrike_score: The score threshold used to allow for step success (optional, default:500)retry_count: How many attempts will be made to download the scan report before giving up (optional, default:10)json_report: Path to output the json report (optional, default:None)log_level: Set the logging level (optional, default:INFO)
NOTE: Scoring is based on the CrowdStrike vulnerability severity table scoring shown below.
| Severity | Score |
|---|---|
| Critical | 2000 |
| High | 500 |
| Medium | 100 |
| Low | 20 |
Create a workflow (eg: .github/workflows/scan.yml):
name: Scan Container Images
on:
push:
branches:
- master
jobs:
scan:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: CrowdStrike Container Image Scan
uses: crowdstrike/[email protected]
with:
falcon_client_id: <my_falcon_client_id>
container_repository: docker.io/library/busybox
env:
FALCON_CLIENT_SECRET: "${{ secrets.FALCON_CLIENT_SECRET }}"Alternatively if you want to run all the configurations as secrets, set any the following as environment variables under env instead of uses:
name: Scan Container Images
on:
push:
branches:
- master
jobs:
scan:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: CrowdStrike Container Image Scan
uses: crowdstrike/[email protected]
env:
FALCON_CLIENT_ID: "${{ secrets.FALCON_CLIENT_ID }}"
FALCON_CLIENT_SECRET: "${{ secrets.FALCON_CLIENT_SECRET }}"
FALCON_CLOUD_REGION: "{{ secrets.FALCON_CLOUD_REGION }}"
CONTAINER_REPO: "{{ secrets.CONTAINER_REPO }}"
CONTAINER_TAG: "{{ secrets.CONTAINER_TAG }}"
CrowdStrike Container Image Scan is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.
Verified
Tags
(2)CrowdStrike Container Image Scan is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.