Update build.yml

korengalpalo · web-flow · commit 3b8a6d703369 · 2025-06-09T17:18:44.000+03:00
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -59,6 +59,13 @@ jobs:
           echo "LATEST_SHA=$LATEST_SHA" >> $GITHUB_ENV
           docker build -t ${{ vars.IMAGE_REGISTRY }}:$LATEST_SHA .
           docker tag ${{ vars.IMAGE_REGISTRY }}:$LATEST_SHA ${{ vars.IMAGE_REGISTRY }}:latest
+          docker save -o ${{ vars.IMAGE_REGISTRY }}:$LATEST_SHA.tar
+
+      - name: 🏗️ Cortex CLI scan image
+        run: |
+          crtx_resp=$(curl -s "https://api-viso-qiztv9dbyuodlmcssy88st.xdr-qa2-uat.us.paloaltonetworks.com/public_api/v1/unified-cli/releases/download-link?os=darwin&architecture=arm64" -H "x-xdr-auth-id: 2" -H "Authorization: n48lqPkPhrbsMoxJKjTyaTpE55t4RPFDrIZ8278lRb30XhSDfRQxxEwQPdlI1lgQC52IsidO9XsNhpQM0FqKqfeuEAEDkiNuITx5IxLOj4x4J72xuKWO4qDWCrr7n2TM") && crtx_url=$(echo $crtx_resp | jq -r ".signed_url") && crtx_file=$(echo $crtx_resp | jq -r ".file_name") && curl -o $crtx_file $crtx_url
+          chmod +x ./cortexcli
+          ./cortexcli --api-base-url https://api-viso-qiztv9dbyuodlmcssy88st.xdr-qa2-uat.us.paloaltonetworks.com --api-key n48lqPkPhrbsMoxJKjTyaTpE55t4RPFDrIZ8278lRb30XhSDfRQxxEwQPdlI1lgQC52IsidO9XsNhpQM0FqKqfeuEAEDkiNuITx5IxLOj4x4J72xuKWO4qDWCrr7n2TM --api-key-id 2 --log-level debug image scan ${{ vars.IMAGE_REGISTRY }}:$LATEST_SHA.tar
 
       - name: 🚀 Push Docker Image to AWS ECR
         run: |
