https://github.com/crowdstrike/container-image-scan-action
CrowdStrike Container Image Scan Github Action
Science Score: 26.0%
This score indicates how likely this project is to be science-related based on various indicators:
- ○ CITATION.cff file
- ✓ codemeta.json file: Found codemeta.json file
- ✓ .zenodo.json file: Found .zenodo.json file
- ○ DOI references
- ○ Academic publication links
- ○ Committers with academic emails
- ○ Institutional organization owner
- ○ JOSS paper metadata
- ○ Scientific vocabulary similarity: Low similarity (11.3%) to scientific vocabulary
Repository
Statistics
- Stars: 15
- Watchers: 9
- Forks: 14
- Open Issues: 4
- Releases: 11
Metadata Files
README.md
[!WARNING] DEPRECATED: This action is deprecated and no longer maintained. Please migrate to the official CrowdStrike container scanning action: CrowdStrike/fcs-action
container-image-scan action
Usage
Pre-requisites
- Have a CrowdStrike Container Workload Protection (CWP) subscription
- Create an OAUTH2 secret at https://falcon.crowdstrike.com/support/api-clients-and-keys
- Add your OAUTH2 secret, called `FALCON_CLIENT_SECRET`, to a GitHub secret at `https://github.com/<your_org>/<your_repo>/settings/secrets/actions`
- Create a workflow `.yml` file in your `.github/workflows` directory. An example workflow is available below. For more information, reference the GitHub Help Documentation for Creating a workflow file
Inputs
- `falcon_client_id`: Your CrowdStrike OAUTH2 Client ID
- `container_repository`: The container image to scan (e.g. `my_image` or `myregistry.io/my_container`)
- `container_tag`: The container tag to scan against (default: `latest`)
- `crowdstrike_region`: The CrowdStrike Cloud region to submit for scanning (default: `us-1`)
- `crowdstrike_score`: The score threshold used to allow for step success (optional, default: `500`)
- `retry_count`: How many attempts will be made to download the scan report before giving up (optional, default: `10`)
- `json_report`: Path to output the json report (optional, default: `None`)
- `log_level`: Set the logging level (optional, default: `INFO`)
NOTE: Scoring is based on the CrowdStrike vulnerability severity table scoring shown below.
| Severity | Score |
|--------------------|:-----------|
| Critical | 2000 |
| High | 500 |
| Medium | 100 |
| Low | 20 |
Example Workflow
Create a workflow (e.g. `.github/workflows/scan.yml`):
```yaml
name: Scan Container Images

on:
  push:
    branches:
      - master

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2

      - name: CrowdStrike Container Image Scan
        uses: crowdstrike/container-image-scan-action@v1.1.0
        with:
          falcon_client_id: <my_falcon_client_id>
          container_repository: docker.io/library/busybox
        env:
          FALCON_CLIENT_SECRET: "${{ secrets.FALCON_CLIENT_SECRET }}"
```
Alternatively, if you want to supply all of the configuration as secrets, set any of the following as environment variables under `env` instead of `uses`:
```yaml
name: Scan Container Images

on:
  push:
    branches:
      - master

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2

      - name: CrowdStrike Container Image Scan
        uses: crowdstrike/container-image-scan-action@v1.1.0
        # Every value comes from a repository secret; note the leading "$",
        # without which GitHub does not evaluate the expression.
        env:
          FALCON_CLIENT_ID: "${{ secrets.FALCON_CLIENT_ID }}"
          FALCON_CLIENT_SECRET: "${{ secrets.FALCON_CLIENT_SECRET }}"
          FALCON_CLOUD_REGION: "${{ secrets.FALCON_CLOUD_REGION }}"
          CONTAINER_REPO: "${{ secrets.CONTAINER_REPO }}"
          CONTAINER_TAG: "${{ secrets.CONTAINER_TAG }}"
```
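A fuller configuration, added here as an example and not taken from the project's README: it sets the optional inputs listed under Inputs and limits the job's `GITHUB_TOKEN` to read-only. The tag `1.36`, the threshold `100`, the retry count, the report path `scan-report.json` and the artifact upload step (which assumes the report is written inside the workspace) are assumptions chosen for illustration.

```yaml
name: Scan Container Images (all inputs)

on:
  push:
    branches:
      - master

# Least privilege: the scan only needs to read the repository.
permissions:
  contents: read

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2

      - name: CrowdStrike Container Image Scan
        uses: crowdstrike/container-image-scan-action@v1.1.0
        with:
          falcon_client_id: <my_falcon_client_id>
          container_repository: docker.io/library/busybox
          # Scan a fixed tag rather than the default "latest" (assumed tag),
          # so the result refers to a known image version.
          container_tag: "1.36"
          crowdstrike_region: us-1
          # Stricter than the default 500; in the severity table above,
          # 100 is the score of a Medium finding (assumed threshold).
          crowdstrike_score: 100
          # Allow more report download attempts than the default 10.
          retry_count: 20
          # Keep the JSON report for later triage (assumed path).
          json_report: scan-report.json
          log_level: INFO
        env:
          FALCON_CLIENT_SECRET: "${{ secrets.FALCON_CLIENT_SECRET }}"

      - name: Keep the scan report
        # Run even when the scan step fails the threshold, so the findings
        # that caused the failure remain available.
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: crowdstrike-scan-report
          path: scan-report.json
```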
Owner
- Name: CrowdStrike
- Login: CrowdStrike
- Kind: organization
- Email: github@crowdstrike.com
- Location: United States of America
- Website: https://www.crowdstrike.com
- Repositories: 183
- Profile: https://github.com/CrowdStrike
GitHub Events
Total
- Issues event: 1
- Watch event: 1
- Issue comment event: 1
- Push event: 2
- Pull request event: 2
- Pull request review event: 1
- Pull request review comment event: 2
- Fork event: 3
- Create event: 1
Last Year
- Issues event: 1
- Watch event: 1
- Issue comment event: 1
- Push event: 2
- Pull request event: 2
- Pull request review event: 1
- Pull request review comment event: 2
- Fork event: 3
- Create event: 1
Committers
Last synced: 9 months ago
Top Committers
| Name | Email | Commits |
|---|---|---|
| Gabe Alford | r****s@g****m | 15 |
| Bryan McClellan | 4****3 | 7 |
| TomRyan-321 | 2****1 | 3 |
| Joshua Hiller | 7****s | 2 |
| Šimon Lukašík | i****k@f****g | 1 |
| Shawn Wells | s****n@s****o | 1 |
| jsumali-felix | j****i@f****a | 1 |
| Luccas Martins | l****e@g****m | 1 |
| Derek Olsen | d****n@c****m | 1 |
Issues and Pull Requests
Last synced: 6 months ago
All Time
- Total issues: 9
- Total pull requests: 23
- Average time to close issues: 5 months
- Average time to close pull requests: about 23 hours
- Total issue authors: 7
- Total pull request authors: 9
- Average comments per issue: 1.56
- Average comments per pull request: 0.39
- Merged pull requests: 21
- Bot issues: 0
- Bot pull requests: 0
Past Year
- Issues: 1
- Pull requests: 3
- Average time to close issues: N/A
- Average time to close pull requests: 2 days
- Issue authors: 1
- Pull request authors: 3
- Average comments per issue: 0.0
- Average comments per pull request: 0.33
- Merged pull requests: 2
- Bot issues: 0
- Bot pull requests: 0
Top Authors
Issue Authors
- mph13 (2)
- ctoestreich (2)
- mccbryan3 (1)
- henriquevcosta (1)
- shawndwells (1)
- jerodk (1)
- jvermillard (1)
Pull Request Authors
- redhatrises (14)
- TomRyan-321 (3)
- thed4zz4 (2)
- jsumali-felix (2)
- Lucc4sMartins (2)
- mccbryan3 (2)
- someword (1)
- isimluk (1)
- jshcodes (1)
Packages
- Total packages: 1
- Total downloads: unknown
- Total dependent packages: 0
- Total dependent repositories: 1
- Total versions: 14
github actions: CrowdStrike/container-image-scan-action
Scan your container image for vulnerabilities and malware
- License: unlicense
- Latest release: v1.4.0 (published over 1 year ago)