Let's secure your containers

• Welcome

• Getting started

• Pipelines

• Manually
• Github Actions
• Azure Devops

• Monitoring

• Docker
• Docker Compose
• Kubernetes

Github Actions

1. Go to the "Actions" tab of a Github repo.
2. Either add a new workflow by copying the yaml below or add the `Scan with Phonito Security` step after your Docker build from this example workflow.

name: Build & Scan Docker Image
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1

      - name: Set tag var
        id: vars
        run: echo ::set-output name=docker_tag::$(echo ${GITHUB_REF} | cut -d'/' -f3)-${GITHUB_SHA}

      - name: Build the Docker image
        run: docker build . --file Dockerfile --tag myapp:${{ steps.vars.outputs.docker_tag }}

      - name: Scan with Phonito Security
        uses: phonito/phonito-scanner-action@master
        with:
          image: myapp:${{ steps.vars.outputs.docker_tag }}
          phonito-token: '${{ secrets.PHONITO_TOKEN }}'
          

3. Sign in or Register to create your API token
4. Then create a new secret called `PHONITO_TOKEN` and use your new API token