`cloudbuild.yaml` contains an example Google Cloud Build workflow with these steps:
- Build the Docker image for the current repo
- Read the Sysdig Secure API token from Secret Manager
- Run the Sysdig inline image scanner; if the scan fails, the build stops here and nothing is pushed
- Push the image to a registry
In this example, the Sysdig API token is stored as a secret in Secret Manager and injected into the scan step as an environment variable, so the Cloud Build service account needs the Secret Manager Secret Accessor role (`roles/secretmanager.secretAccessor`) on that secret. Keep the token out of substitutions and out of the build log: pass it only through `secretEnv`, and do not enable shell tracing (`set -x`) in the step that uses it.
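The following is an added, self-contained `cloudbuild.yaml` that wires the four steps together; it is written for this README and is not the repository's own file. The secret name `sysdig-secure-api-token`, the image path `gcr.io/$PROJECT_ID/my-app`, and the Sysdig v2 inline scanner image and flags (`quay.io/sysdig/secure-inline-scan:2`, `--sysdig-url`, `--sysdig-token`, `--storage-type docker-daemon`) are assumptions; check them against the current Sysdig documentation before use.

```yaml
# Added example cloudbuild.yaml (not the repository's own file).
# Assumed names: Secret Manager secret "sysdig-secure-api-token",
# registry path gcr.io/$PROJECT_ID/my-app, Sysdig v2 inline scanner
# image and flags. Verify all of them against the current Sysdig docs.
steps:
  # 1. Build the image for the current repo, tagged with the commit SHA.
  - name: gcr.io/cloud-builders/docker
    id: build
    args: ['build', '-t', 'gcr.io/$PROJECT_ID/my-app:$COMMIT_SHA', '.']

  # 2 + 3. Scan the locally built image. The API token arrives from
  # Secret Manager as the env var SYSDIG_SECURE_TOKEN (see availableSecrets
  # below); it is never a substitution, so it is not echoed in build logs.
  # "$$" tells Cloud Build to leave the variable for bash to expand.
  # A non-zero exit (policy failure or scanner error) fails the build,
  # so the push step never runs.
  - name: gcr.io/cloud-builders/docker
    id: scan
    entrypoint: bash
    args:
      - -c
      - |
        set -euo pipefail   # deliberately no "set -x": it would print the token
        docker run --rm \
          -v /var/run/docker.sock:/var/run/docker.sock \
          quay.io/sysdig/secure-inline-scan:2 \
          --sysdig-url https://secure.sysdig.com \
          --sysdig-token "$$SYSDIG_SECURE_TOKEN" \
          --storage-type docker-daemon \
          gcr.io/$PROJECT_ID/my-app:$COMMIT_SHA
    secretEnv: ['SYSDIG_SECURE_TOKEN']

  # 4. Push only runs if every earlier step, including the scan, succeeded.
  - name: gcr.io/cloud-builders/docker
    id: push
    args: ['push', 'gcr.io/$PROJECT_ID/my-app:$COMMIT_SHA']

# Resolve the token from Secret Manager at build time. The Cloud Build
# service account needs roles/secretmanager.secretAccessor on this secret.
availableSecrets:
  secretManager:
    - versionName: projects/$PROJECT_ID/secrets/sysdig-secure-api-token/versions/latest
      env: SYSDIG_SECURE_TOKEN
```

To grant the accessor role on just this secret (rather than project-wide), run `gcloud secrets add-iam-policy-binding sysdig-secure-api-token --member=serviceAccount:PROJECT_NUMBER@cloudbuild.gserviceaccount.com --role=roles/secretmanager.secretAccessor`, substituting your project number. Scoping the binding to the single secret keeps the build service account's access to least privilege.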
More details are in the Sysdig blog article: https://sysdig.com/blog/securing-google-cloud-run/