GitHub Actions Setup

Use the DevSecOpsBot Image Scanner GitHub Action and pass the image + policy inputs. Minimal example (workflow_dispatch):

```yaml
name: Image Scan
on:
  workflow_dispatch:
    inputs:
      image:
        description: "Image to scan"
        required: true
        default: "nginx:latest"

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: devsecopsbot/image-scan@v1
        with:
          image: ${{ github.event.inputs.image }}
          post-url: ${{ secrets.POST_URL }}
          auth-token: ${{ secrets.AUTH_TOKEN }}
          server-token: ${{ secrets.SERVER_TOKEN }}
          block-on-critical: 0
          block-on-high: 10
          block-on-any: false
          block-on-secrets: true
```

All inputs shown above are supported by the action, including the backend configuration inputs and the blocking controls (`block-on-critical`, `block-on-high`, `block-on-any`, `block-on-secrets`).

Backend Inputs

  • post-url – backend endpoint
  • auth-token – backend authentication token
  • server-token – vulnerability DB token

Cloud/Private Registry Authentication

Provide registry credentials as environment variables via GitHub Actions secrets. Examples the action supports include:

  • AWS ECR: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION
  • GCP Artifact Registry / GCR: BASE64_GOOGLE_CREDENTIALS
  • Azure ACR: REGISTRY_AZURE_USERNAME, REGISTRY_AZURE_PASSWORD
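As an added example (not part of the action's own documentation), here is the same scan step wired up for a private AWS ECR image, with the registry credentials passed as step-level environment variables from repository secrets. The secret names (`ECR_ACCESS_KEY_ID`, `ECR_SECRET_ACCESS_KEY`) and the image reference are placeholders you choose; the environment variable names are the ones listed above. The `permissions` block is a standard GitHub Actions setting that limits the job's `GITHUB_TOKEN` to read-only repository access; it is not an input of this action and is assumed here as a least-privilege default.

```yaml
name: Private Image Scan
on:
  push:
    branches: [main]

# Assumed least-privilege default for the job token; not an action input.
permissions:
  contents: read

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: devsecopsbot/image-scan@v1
        # Registry credentials are read from the environment; the env variable
        # names are the ones the action documents for AWS ECR. Secret names are
        # placeholders defined in this repository's settings.
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.ECR_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.ECR_SECRET_ACCESS_KEY }}
          AWS_REGION: us-east-1
        with:
          # Placeholder ECR image reference
          image: 123456789012.dkr.ecr.us-east-1.amazonaws.com/my-app:latest
          post-url: ${{ secrets.POST_URL }}
          auth-token: ${{ secrets.AUTH_TOKEN }}
          server-token: ${{ secrets.SERVER_TOKEN }}
          # Fail the job on any critical finding, tolerate up to 10 highs,
          # and always fail if secrets are detected in the image.
          block-on-critical: 0
          block-on-high: 10
          block-on-any: false
          block-on-secrets: true
```

For GCP or Azure registries, replace the `env` entries with `BASE64_GOOGLE_CREDENTIALS` or `REGISTRY_AZURE_USERNAME` / `REGISTRY_AZURE_PASSWORD` respectively, again sourced from secrets rather than written into the workflow file.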