sysdiglabs
diff --git a/‎README.md‎
Lines changed: 5 additions & 0 deletions b/‎README.md‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎dist/index.js‎
Lines changed: 8 additions & 3 deletions b/‎dist/index.js‎
Lines changed: 8 additions & 3 deletions
diff --git a/‎dist/index.js.map‎
Lines changed: 1 addition & 1 deletion b/‎dist/index.js.map‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎index.js‎
Lines changed: 8 additions & 3 deletions b/‎index.js‎
Lines changed: 8 additions & 3 deletions
diff --git a/‎tests/index.test.js‎
Lines changed: 17 additions & 0 deletions b/‎tests/index.test.js‎
Lines changed: 17 additions & 0 deletions
@@ -66,6 +66,11 @@ Additional parameters added to the secure-inline-scan container execution.
 
 Additional parameters added to the docker command when executing the secure-inline-scan container execution.
 
+### `inline-scan-image`
+
+The image `quay.io/sysdig/secure-inline-scan:2` which points to the latest 2.x version of the Sysdig Secure inline scanner is used by default.
+This parameter allows overriding the default image, to use a specific version or for air-gapped environments.
+
 ## SARIF Report
 
 The action generates a SARIF report that can be uploaded using the `codeql-action/upload-sarif` action.
 
@@ -31,7 +31,8 @@ function parseActionInputs() {
     inputPath: core.getInput('input-path'),
     runAsUser: core.getInput('run-as-user'),
     extraParameters: core.getInput('extra-parameters'),
-    extraDockerParameters: core.getInput('extra-docker-parameters')
+    extraDockerParameters: core.getInput('extra-docker-parameters'),
+    inlineScanImage: core.getInput('inline-scan-image'),
   }
 }
 
@@ -129,8 +130,12 @@ async function run() {
     printOptions(opts);
     let flags = composeFlags(opts);
 
-    await pullScanImage(secureInlineScanImage);
-    let scanResult = await executeInlineScan(secureInlineScanImage, flags.dockerFlags, flags.runFlags);
+    let inlineScanImage = secureInlineScanImage;
+    if (opts.inlineScanImage) {
+      inlineScanImage = opts.inlineScanImage;
+    }
+    await pullScanImage(inlineScanImage);
+    let scanResult = await executeInlineScan(inlineScanImage, flags.dockerFlags, flags.runFlags);
     let success = await processScanResult(scanResult);
     if (!(success || opts.ignoreFailedScan)) {
       core.setFailed(`Scan was FAILED.`)
 
@@ -62,6 +62,7 @@ describe("input parsing", () => {
             "runAsUser": "",
             "sysdigSecureURL": "",
             "sysdigSkipTLS": false,
+            "inlineScanImage": "",
         })
     })
 
@@ -77,6 +78,7 @@ describe("input parsing", () => {
         process.env['INPUT_RUN-AS-USER'] = "user";
         process.env['INPUT_SYSDIG-SECURE-URL'] = "https://foo";
         process.env['INPUT_SYSDIG-SKIP-TLS'] = "true";
+        process.env['INPUT_INLINE-SCAN-IMAGE'] = "my-custom-image:latest";
         let opts = index.parseActionInputs()
 
         expect(opts).toEqual({
@@ -91,6 +93,7 @@ describe("input parsing", () => {
             "runAsUser": "user",
             "sysdigSecureURL": "https://foo",
             "sysdigSkipTLS": true,
+            "inlineScanImage": "my-custom-image:latest",
         })
     })
 
@@ -594,4 +597,18 @@ describe("run the full action", () => {
         expect(core.setFailed).toBeCalled();
     })
 
+
+    it("allows override of inline-scan image", async () => {
+        process.env['INPUT_INLINE-SCAN-IMAGE'] = "my-custom-image:latest";
+
+        exec.exec = jest.fn(() => {
+            return Promise.resolve(0);
+        });
+
+        await index.run();
+        expect(exec.exec).toBeCalledTimes(2);
+        expect(exec.exec).toBeCalledWith("docker pull my-custom-image:latest", null);
+        expect(exec.exec).toBeCalledWith(expect.stringMatching(/docker run .* my-custom-image:latest/), null, expect.anything());
+    })
+
 })