Integrate with CI/CD Tools

You have the option to use image scanning as part of your development pipeline, to check for best practices, vulnerabilities, and sensitive content.

Inline Scanning

As of version 2.5.0, Sysdig Secure users have the option to scan and analyze images locally, sending their infrastructure metadata back to the Sysdig platform without providing access to their registry. The feature may be desired in a variety of cases:

  • Images don't leave their own environment 

  • SaaS users don't send images and proprietary code to Sysdig's SaaS service

  • Registries don't have to be exposed

  • Images can be scanned in parallel more easily

  • Images can be scanned before they reach the registry, which can:

    • cut down on registry costs

    • simplify the build pipeline

Prerequisites

  • Sysdig Secure and the ability to connect to the Sysdig installation

  • Docker engine

  • Access to DockerHub

  • Bash

Implement Inline Scanning

  • Access the script

    Download the inline_scan.sh script here.

  • Review the parameters and example

    The README file on GitHub describes the script parameters and their usage, and gives a full example.

  • Expected output

    After the scan is triggered, the command line prints a result message of pass or fail.

    To see the complete result analysis, log in to the Sysdig Secure dashboard and review the Scan Results page.
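
A pipeline step that runs the downloaded script can pin the copy that was reviewed and turn the scan result into a build gate. The following is an added example, not part of the Sysdig script or its documentation: `sha256_of`, `verify_pinned` and `scan_gate` are hypothetical helpers, it assumes the script exits non-zero when the scan fails, and the script's own parameters (see the README) are passed through unchanged.

```bash
#!/usr/bin/env bash
# Added example: CI gate around a locally stored copy of inline_scan.sh.
# Assumptions (not from the page): the script exits non-zero on a failed
# scan, and the SHA-256 of the reviewed copy is stored in pipeline config.

# sha256_of FILE -> prints the hex SHA-256 digest of FILE
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_pinned FILE EXPECTED_SHA256
# Returns 0 on match, 2 if FILE is unreadable, 3 on digest mismatch.
verify_pinned() {
    local file="$1" expected="$2" actual
    [ -r "$file" ] || { echo "gate: cannot read $file" >&2; return 2; }
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "gate: $file does not match the pinned digest" >&2
        echo "gate: expected $expected, got $actual" >&2
        return 3
    fi
    return 0
}

# scan_gate FILE EXPECTED_SHA256 [script parameters...]
# Refuses to run an unpinned or modified script, then runs it and maps
# any non-zero exit status to 1 so the pipeline stage fails.
scan_gate() {
    local file="$1" expected="$2" rc=0
    shift 2
    verify_pinned "$file" "$expected" || return $?
    bash "$file" "$@" || rc=$?
    if [ "$rc" -ne 0 ]; then
        echo "gate: scan reported failure (exit $rc), blocking build" >&2
        return 1
    fi
    echo "gate: scan passed"
}

# Usage in a pipeline step (digest and parameters are placeholders):
#   scan_gate ./inline_scan.sh "<sha256-of-reviewed-copy>" <parameters from the README>
```

Update the pinned digest only after reviewing a new copy of the script, so a changed download fails the build instead of running with pipeline credentials.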

Pipeline Integration Examples

There are well-documented examples for a variety of pipelines:

Additional Options

You can also: