# Automated Container Image Scanning with the Prisma Cloud GitHub Action

By [Wyatt Gill](https://www.paloaltonetworks.com/blog/author/wyatt-gill/?ts=markdown "Posts by Wyatt Gill"), Jun 07, 2021, 4 minutes

[Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown) [Partners](https://www.paloaltonetworks.com/blog/cloud-security/category/partners/?ts=markdown) [Cloud Workload Protection](https://www.paloaltonetworks.com/blog/tag/cloud-workload-protection/?ts=markdown) [DevSecOps](https://www.paloaltonetworks.com/blog/tag/devsecops/?ts=markdown)

GitHub Actions offer an easy way for customers to automate software workflows as a CI/CD pipeline built into their repository platform.
This simplifies adding tests, such as security tests, to inform developers of vulnerabilities and block code that doesn't meet the organization's policies from getting added to a repository or deployed to production. [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)'s image scanning identifies vulnerabilities and compliance issues in container images during the development process. We're excited to enable this functionality for your CI/CD pipeline using our [container image scanning GitHub Action](https://github.com/marketplace/actions/prisma-cloud-scan).

## How We Built It

At the core of the action is twistcli, which speaks to the extensibility of the tool. When added to your workflow, the action gathers the necessary variables, scans your container image, then outputs the results in both the standard twistcli output format and SARIF.

To do this, we start by gathering your credentials, Console address, and image name specified in the `with` section of the scan action's YAML. Using the GitHub Actions Toolkit Node.js modules, we then make sure that the correct version of twistcli is available in the workflow's tool cache, pulling it from the Console and saving it if it is not.

We scan the specified container image using the cached twistcli tool. This identifies vulnerabilities and compliance violations in the image. The action writes the standard JSON output file directly from twistcli and generates a separate SARIF file by reformatting that output. You can optionally upload the SARIF to GitHub using the upload-sarif action in your workflow if you want to leverage code scanning alerts in your repository.

## Automated Image Scanning

Adding the Prisma Cloud Scan Action to your existing image build pipeline is simple. Add another step that uses our action and pass in the required inputs.
For example, after building the image, add a step like this:

```yaml
- name: Build image
  run: docker build -t $IMAGE_NAME .   # "." is the build context
- name: Scan image
  id: scan   # the id lets a later step read steps.scan.outputs.sarif_file
  uses: PaloAltoNetworks/prisma-cloud-scan@v1
  with:
    pcc_console_url: ${{ secrets.PCC_CONSOLE_URL }}
    pcc_user: ${{ secrets.PCC_USER }}
    pcc_pass: ${{ secrets.PCC_PASS }}
    image_name: ${{ env.IMAGE_NAME }}
```

## In-workflow Feedback and Guardrails

Using the Defend settings in the Prisma Cloud console, you can set the threshold for alerts and failures. This creates an automated way to both inform developers about the posture of their images as they integrate code into the repository and block code that is too vulnerable.

![Alert and failure threshold settings](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/06/word-image-35.png)
Alert and failure threshold settings

The next time you run your workflow, your image will be built and scanned for vulnerabilities and compliance violations. The results of the scan will show up for developers in the GitHub workflow log, and all scans across environments will be aggregated in the Prisma Cloud Console.

![Output in the GitHub workflow log](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/06/word-image-36.png)
Output in the GitHub workflow log

![Output in the Prisma Cloud Console](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/06/word-image-37.png)
Output in the Prisma Cloud Console

Optionally, you can have your vulnerabilities and compliance violations sent to your repository's code scanning alerts for easy tracking. To do this, use GitHub's upload-sarif action to upload the file containing the scan results in SARIF by adding the following after the image scan step:

```yaml
- name: Upload SARIF file
  if: ${{ always() }}   # upload even when the scan step failed the build
  uses: github/codeql-action/upload-sarif@v1
  with:
    sarif_file: ${{ steps.scan.outputs.sarif_file }}
```

This provides a central place in your repository to view the currently open vulnerabilities and compliance violations.
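As an added example (not the action's own source code), the following JavaScript sketches the two pieces described above in the action's own language: reshaping a twistcli-style scan result into a minimal SARIF 2.1.0 log that upload-sarif can consume, and applying alert/fail severity thresholds like the ones set under Defend. The input field names and the sample findings are constructed assumptions for illustration, not twistcli's actual output schema.

```javascript
// ASSUMED input shape: a simplified stand-in for twistcli's JSON, not its real schema.
const SEVERITY_RANK = { low: 1, medium: 2, high: 3, critical: 4 };
const SARIF_LEVEL = { low: 'note', medium: 'warning', high: 'error', critical: 'error' };
// Constructed sample standing in for a twistcli scan result.
const sampleScan = {
  results: [{
    id: 'registry.example/web:1.2.3',
    vulnerabilities: [
      { id: 'CVE-0000-0001', severity: 'critical', packageName: 'libexample', packageVersion: '1.0.0', description: 'constructed sample' },
      { id: 'CVE-0000-0002', severity: 'medium', packageName: 'libother', packageVersion: '2.3.4', description: 'constructed sample' },
    ],
    compliance: [{ id: 'SAMPLE-41', severity: 'high', title: 'Image should not run as root', description: 'constructed sample' }],
  }],
};

// Flatten vulnerabilities and compliance checks into one finding list.
function findings(scan) {
  const out = [];
  for (const r of scan.results) {
    for (const v of r.vulnerabilities || []) {
      out.push({ ruleId: v.id, severity: v.severity, image: r.id,
        text: `${v.id} in ${v.packageName} ${v.packageVersion}: ${v.description}` });
    }
    for (const c of r.compliance || []) {
      out.push({ ruleId: String(c.id), severity: c.severity, image: r.id, text: `${c.title}: ${c.description}` });
    }
  }
  return out;
}

// Build a minimal SARIF 2.1.0 log. Code scanning expects a location on each
// result; the rule entries give each alert a stable id and title.
function toSarif(scan) {
  const all = findings(scan);
  const rules = [...new Map(all.map(f => [f.ruleId, { id: f.ruleId, shortDescription: { text: f.ruleId } }])).values()];
  return {
    $schema: 'https://json.schemastore.org/sarif-2.1.0.json',
    version: '2.1.0',
    runs: [{
      tool: { driver: { name: 'Prisma Cloud twistcli (sample converter)', rules } },
      results: all.map(f => ({
        ruleId: f.ruleId,
        level: SARIF_LEVEL[f.severity] || 'warning',
        message: { text: f.text },
        locations: [{ physicalLocation: { artifactLocation: { uri: f.image } } }],
      })),
    }],
  };
}

// Mirror the Console's alert/fail thresholds: the single worst finding decides.
function gate(scan, { alertAt, failAt }) {
  const worst = findings(scan).reduce((m, f) => Math.max(m, SEVERITY_RANK[f.severity] || 0), 0);
  return { worst, alert: worst >= SEVERITY_RANK[alertAt], fail: worst >= SEVERITY_RANK[failAt] };
}
```

In a real step the `fail` flag is what would set a non-zero exit code and stop the workflow, while the SARIF object is what gets written to the file that `sarif_file` points at.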
Once these issues are addressed, for example when a package upgrade removes a vulnerability, the alert is cleared automatically after you scan the updated image.

![Example Code scanning alert output](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/06/word-image-38.png)
Example Code scanning alert output

## Available Now in the GitHub Marketplace

GitHub Actions can be leveraged to create fully automated workflows, including CI/CD pipelines. Together with Prisma Cloud image scanning, development teams can build, secure and deploy their applications all from GitHub. Access our Action from the [GitHub Marketplace](https://github.com/marketplace/actions/prisma-cloud-scan). To learn more about this and our other native integrations, see our [integration documentation](https://docs.twistlock.com/docs/integrations.html).

And whether you're new to containers or a cloud-native veteran, [The 2024 Definitive Guide to Container Security](https://www.paloaltonetworks.com/resources/ebooks/container-security-definitive-guide?ts=markdown) is your essential resource for understanding, implementing and mastering security in a containerized environment. Download your free copy today!