Impossible to scan private image from Github registry
Hello, I can't scan a private image that is stored in ghcr.io.
I've verified the credentials.
Here is the pipeline:
```yaml
name: Deploy to dev env
on:
  push:
    branches: ["dev"]
  pull_request:
    branches: ["dev"]
jobs:
  build-and-push-image:
    runs-on: ubuntu-latest
    permissions:
      packages: write
      contents: read
      security-events: write
      actions: read
    steps:
      - uses: actions/checkout@v4
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - uses: kubescape/github-action@main
        continue-on-error: true
        with:
          image: ghcr.io/beltsecurity/fleet-qc:dev
          format: sarif
          outputFile: results.sarif
          registryUsername: ${{ github.actor }}
          registryPassword: ${{ secrets.GITHUB_TOKEN }}
      - name: Upload Kubescape scan results to Github Code Scanning
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif
      - name: Build and push
        uses: docker/build-push-action@v5
        with:
          push: true
          tags: ghcr.io/beltsecurity/fleet-qc:dev
```
The pipeline step `kubescape/github-action@main` outputs the following error:

```
Error: unable to load image: unable to use OciRegistry source: failed to get image descriptor from registry: GET https://auth.docker.io/token?scope=repository%3A%2F%2Fghcr.io%2Fbeltsecurity%2Ffleet-qc%3Apull&service=registry.docker.io: unexpected status code 401 Unauthorized: {"details":"incorrect username or password"}
```
I think that the URL of the targeted registry is wrong.
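
A way to check which registry the failing token request was actually addressed to, as an added example that is not part of the original issue or of the Kubescape project. It decodes the token URL from the error above and compares it with the registry named in the workflow's `image:` value; the function names are illustrative, and the host-detection rule is the usual Docker image-reference convention.

```python
from urllib.parse import urlsplit, parse_qs

# Error text copied from the issue above (only the token URL matters here).
ERROR_LINE = (
    "GET https://auth.docker.io/token?scope=repository%3A%2F%2Fghcr.io"
    "%2Fbeltsecurity%2Ffleet-qc%3Apull&service=registry.docker.io: "
    "unexpected status code 401 Unauthorized"
)
IMAGE = "ghcr.io/beltsecurity/fleet-qc:dev"  # `image:` value from the workflow


def image_registry(image_ref):
    """Registry host of an image reference. The first path component is a
    host only if it contains '.' or ':' or is 'localhost'; otherwise the
    reference is treated as a Docker Hub repository."""
    first, sep, _ = image_ref.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"


def token_request(error_line):
    """Extract auth host, service and scope from a registry auth error line."""
    url = next(w for w in error_line.split() if w.startswith("https://"))
    parts = urlsplit(url.rstrip(":"))
    query = parse_qs(parts.query)  # parse_qs percent-decodes the values
    # A token scope has the form "<type>:<repository name>:<actions>".
    _, rest = query["scope"][0].split(":", 1)
    name, actions = rest.rsplit(":", 1)
    return {"auth_host": parts.hostname, "service": query["service"][0],
            "repository": name, "actions": actions}


def diagnose(image_ref, error_line):
    """Compare the registry the image names with the service asked for a token."""
    req = token_request(error_line)
    req["expected_registry"] = image_registry(image_ref)
    # Credentials for the expected registry cannot satisfy another service.
    req["registry_mismatch"] = not req["service"].endswith(req["expected_registry"])
    return req


if __name__ == "__main__":
    for key, value in diagnose(IMAGE, ERROR_LINE).items():
        print(f"{key}: {value}")
```

For this error it reports the service `registry.docker.io` and the repository name `//ghcr.io/beltsecurity/fleet-qc`, while the image reference names `ghcr.io`, so the ghcr.io credentials were presented to Docker Hub's token service.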