feat: add Orca Security container image scanning#257

Draft

DeepDiver1975 wants to merge 1 commit into master from feat/orca-security-scanning

Conversation

@DeepDiver1975 (Contributor)

Summary

  • Add Orca Security Container Image Scanning step to the Docker build workflow alongside the existing Trivy scan
  • Pinned to orcasecurity/shiftleft-container-image-action@9cceca839ca144e6bb160a1d974d0656bcf71f22 (v1.0.6)
  • Both Trivy and Orca scans run on the locally-built image (127.0.0.1:5000/image:temp) before publishing
  • Requires two new repository secrets/variables to be configured:
    • ORCA_SECURITY_API_TOKEN (secret) — Orca API token for authentication
    • ORCA_SECURITY_PROJECT_KEY (variable) — Orca project key

Test plan

  • Configure ORCA_SECURITY_API_TOKEN secret and ORCA_SECURITY_PROJECT_KEY variable in the repository settings
  • Verify the Orca Security scan step runs after the Trivy scan step
  • Verify the workflow fails (exit_code: 1) when Orca detects HIGH/CRITICAL vulnerabilities
  • Verify the existing Trivy scan step is unaffected

🤖 Generated with Claude Code

Add Orca Security scanning step alongside existing Trivy scan in the
Docker build workflow, using orcasecurity/shiftleft-container-image-action@v1.0.6.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
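For readers who want to see how the pieces in the summary fit into a job, here is an illustrative excerpt of a Docker build workflow with both scan steps gating the publish step. This is an added example, not the PR's diff (which this page does not show); the Orca action's input names (api_token, project_key, image, exit_code) and the Trivy action's inputs are assumed from each action's documentation and should be checked against the pinned action.yml, and the Trivy SHA is a placeholder.

```yaml
# Illustrative excerpt (not the PR's own diff). Assumes earlier steps built the
# image and pushed it to a job-local registry as 127.0.0.1:5000/image:temp.
    steps:
      # ... checkout, buildx setup, build + push to 127.0.0.1:5000/image:temp ...

      # Existing Trivy scan: fail the job on HIGH/CRITICAL findings.
      # Pin to a full commit SHA (placeholder below), not a mutable tag.
      - name: Trivy container image scan
        uses: aquasecurity/trivy-action@<pinned-commit-sha>   # placeholder
        with:
          image-ref: 127.0.0.1:5000/image:temp
          severity: HIGH,CRITICAL
          exit-code: "1"

      # New Orca Security scan, pinned to the commit the PR cites (v1.0.6).
      # The trailing comment records which tag the SHA was taken from so a
      # reviewer can re-verify the pin when the action is bumped.
      - name: Orca Security container image scan
        uses: orcasecurity/shiftleft-container-image-action@9cceca839ca144e6bb160a1d974d0656bcf71f22 # v1.0.6
        with:
          api_token: ${{ secrets.ORCA_SECURITY_API_TOKEN }}   # repository secret
          project_key: ${{ vars.ORCA_SECURITY_PROJECT_KEY }}  # repository variable
          image: 127.0.0.1:5000/image:temp
          exit_code: 1   # non-zero exit on HIGH/CRITICAL findings fails the job

      # Publishing runs only if every previous step (both scans) succeeded,
      # so a vulnerable image never reaches the public registry.
      - name: Publish image
        if: success()
        run: |
          docker pull 127.0.0.1:5000/image:temp
          docker tag 127.0.0.1:5000/image:temp ghcr.io/${{ github.repository }}:${{ github.sha }}
          docker push ghcr.io/${{ github.repository }}:${{ github.sha }}
```

The token is read from `secrets` and the project key from `vars`, matching the PR's split between a secret and a plain variable; a missing secret causes the Orca step, and therefore the job, to fail before anything is published.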
@DeepDiver1975 DeepDiver1975 marked this pull request as draft April 14, 2026 13:10