diff --git a/README.md b/README.md index d71882e..5c08582 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,21 @@ -# Sysdig Secure Inline Scan Examples +
-This repository contains examples and information about **how to use** [Sysdig Secure inline scan](https://docs.sysdig.com/en/integrate-with-ci-cd-tools.html) in different integrations and use case scenarios. +# Sysdig Vulnerability Scan Examples + +

+ Sysdig Logo +

Sysdig Vulnerability Scan Examples

+

+ +| :warning: **As of April 20, 2022, Sysdig offers both a Legacy Scanner engine and the newer Vulnerability Management engine. See the [official documentation](https://docs.sysdig.com/en/docs/sysdig-secure/scanning/new-scanning-engine/#which-engine-is-enabled-now) to understand which engine is enabled into your account.** | +| --- | + +
+ +This repository contains examples and information about using in different integrations and use case scenarios both the: + +* [Sysdig Secure inline scan](https://docs.sysdig.com/en/integrate-with-ci-cd-tools.html) - Refered as `old-scan-engine` +* [Sysdig Pipeline Vulnerability Management engine](https://docs.sysdig.com/en/docs/sysdig-secure/vulnerabilities/pipeline/) - Refered as `new-scan-engine` Continue reading the public webpage content of this repository here: @@ -15,6 +30,6 @@ If you find a related topic that lacks enough information or some problem with a ## More information * [Sysdig.com](https://sysdig.com) -* [Sysdig Documentation website - Image Scanning](https://docs.sysdig.com/en/scanning.html) -* [Image Scanning - Integrate with CI/CD Tools](https://docs.sysdig.com/en/integrate-with-ci-cd-tools.html) - +* [Running the CLI scanner](https://docs.sysdig.com/en/docs/sysdig-secure/vulnerabilities/pipeline/#running-the-cli-scanner) +* [Legacy Scanning engine](https://docs.sysdig.com/en/docs/sysdig-secure/scanning/) +* [Legacy Scanning engine - Integrate with CI/CD Tools](https://docs.sysdig.com/en/docs/sysdig-secure/scanning/integrate-with-cicd-tools/) diff --git a/new-scan-engine/aws-codebuild/README.md b/aws-codebuild/new-scan-engine/README.md similarity index 100% rename from new-scan-engine/aws-codebuild/README.md rename to aws-codebuild/new-scan-engine/README.md diff --git a/new-scan-engine/aws-codebuild/build.yaml b/aws-codebuild/new-scan-engine/build.yaml similarity index 100% rename from new-scan-engine/aws-codebuild/build.yaml rename to aws-codebuild/new-scan-engine/build.yaml diff --git a/docs/index.md b/docs/index.md index 4c26b30..92c90af 100644 --- a/docs/index.md +++ b/docs/index.md @@ -1,11 +1,117 @@ --- -title: Sysdig Secure Inline Scan Examples +title: Sysdig Vulnerability Scan Examples summary: > This is not a comprehensive catalog of examples for all integrations available, but a live document where we continually publish more information as we see users need it. We do try to keep a list of links to all integrations and other related websites that you may find useful. --- -# Common scenarios & recipes +# Legacy Scanner engine vs Vulnerability Management engine + +**As of April 20, 2022, Sysdig offers both a Legacy Scanner engine and the newer Vulnerability Management engine. See the [official documentation](https://docs.sysdig.com/en/docs/sysdig-secure/scanning/new-scanning-engine/#which-engine-is-enabled-now) to understand which engine is enabled into your account.** + +- [Vulnerability Management engine common scenarios & recipes](#vulnerability-management-engine-common-scenarios---recipes) + * [Download the `sysdig-cli-scanner`](#download-the--sysdig-cli-scanner-) + * [Scan local image, built using docker](#scan-local-image--built-using-docker) + * [Local image (provided docker archive)](#local-image--provided-docker-archive-) + * [Public registry image](#public-registry-image) + * [Private registry image](#private-registry-image) + * [Containers-storage (cri-o, podman, buildah and others)](#containers-storage--cri-o--podman--buildah-and-others-) +- [Legacy Scanner engine common scenarios & recipes](#legacy-scanner-engine-common-scenarios---recipes) + * [Scan local image, built using docker](#scan-local-image--built-using-docker-1) + * [Local image (provided docker archive)](#local-image--provided-docker-archive--1) + * [Public registry image](#public-registry-image-1) + * [Private registry image](#private-registry-image-1) + * [Containers-storage (cri-o, podman, buildah and others)](#containers-storage--cri-o--podman--buildah-and-others--1) + * [Using a proxy](#using-a-proxy) +- [Other integrations and examples](#other-integrations-and-examples) + * [Vulneratbility Management Engine (new scan engine)](#vulneratbility-management-engine--new-scan-engine-) + * [Legacy Scanner Engine (old scan engine)](#legacy-scanner-engine--old-scan-engine-) +- [Other sources of information](#other-sources-of-information) + * [Integrations](#integrations) + * [Documentation pages](#documentation-pages) + * [Blog articles](#blog-articles) +- [Contributing](#contributing) + +# Vulnerability Management engine common scenarios & recipes + +## Download the `sysdig-cli-scanner` + +Linux or MacOS: + +``` +curl -LO "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/$(curl -L -s https://download.sysdig.com/scanning/sysdig-cli-scanner/latest_version.txt)/$(uname -s | tr '[:upper:]' '[:lower:]')/amd64/sysdig-cli-scanner" +``` + +Set the executable flag on the file: + +``` +chmod +x ./sysdig-cli-scanner +``` + +You only need to download and set executable once. Then you can scan images by running the `sysdig-cli-scanner` command: + +``` +SECURE_API_TOKEN= ./sysdig-cli-scanner --apiurl +``` + +## Scan local image, built using docker + +``` +# Build the image locally +docker build -t . + +# Scan the image, available on local docker +SECURE_API_TOKEN= ./sysdig-cli-scanner --apiurl docker:// +``` + +## Local image (provided docker archive) + +Assuming the image `` is available as an image tarball at `image.tar`. + +For example, the command `docker save -o image.tar` creates a tarball for ``. + +``` +SECURE_API_TOKEN= ./sysdig-cli-scanner --apiurl file://tmp/image.tar +``` + +## Public registry image + +Example: scan `alpine` image from public registry. The scanner will pull and scan it. + +``` +SECURE_API_TOKEN= ./sysdig-cli-scanner --apiurl pull://alpine +``` + +## Private registry image + +To scan images from private registries, you might need to provide credentials: + +``` +$ REGISTRY_USER= REGISTRY_PASSWORD= SECURE_API_TOKEN= ./sysdig-cli-scanner --apiurl https://secure.sysdig.com ${REPO_NAME}/${IMAGE_NAME} +``` + +## Containers-storage (cri-o, podman, buildah and others) + +Scan images from container runtimes using containers-storage format: + +``` +# Build an image using buildah from a Dockerfile +buildah build-using-dockerfile -t myimage:latest + +# Scan the image +SECURE_API_TOKEN= ./sysdig-cli-scanner --apiurl crio://localhost/myimage:latest +``` + +Example for an image pulled with podman + +``` +podman pull docker.io/library/alpine + +#Scan the image +SECURE_API_TOKEN= ./sysdig-cli-scanner --apiurl podman://docker.io/library/alpine +``` + +# Legacy Scanner engine common scenarios & recipes ## Scan local image, built using docker @@ -130,41 +236,46 @@ The `no_proxy` variable can be used to define a list of hosts that don't use the In this [repository](https://github.com/sysdiglabs/secure-inline-scan-examples/) you can find the following examples in alphabetical order: -* [AWS Codebuild](https://github.com/sysdiglabs/secure-inline-scan-examples/tree/main/new-scan-engine/aws-codebuild) -* [Azure Pipelines (New scan engine)](https://github.com/sysdiglabs/secure-inline-scan-examples/tree/main/azure-pipelines) -* [Google Cloud Build](https://github.com/sysdiglabs/secure-inline-scan-examples/tree/main/google-cloud-build) -* [Jenkins](https://github.com/sysdiglabs/secure-inline-scan-examples/tree/main/jenkins) - * [Scan from repository](https://github.com/sysdiglabs/secure-inline-scan-examples/tree/main/jenkins/jenkins-scan-from-repo) - * [Build and scan](https://github.com/sysdiglabs/secure-inline-scan-examples/tree/main/jenkins/jenkins-build-and-scan) - * [Build, push and scan from repository](https://github.com/sysdiglabs/secure-inline-scan-examples/tree/main/jenkins/jenkins-build-push-scan-from-repo) - * [Build, push and scan using Openshift internal registry](https://github.com/sysdiglabs/secure-inline-scan-examples/tree/main/jenkins/jenkins-openshift-internal-registry) -* GitLab with the [new scan engine](https://github.com/sysdiglabs/secure-inline-scan-examples/tree/main/gitlab/new-scan-engine), or using the [legacy engine](https://github.com/sysdiglabs/secure-inline-scan-examples/tree/main/gitlab/old-scan-engine) -* [GitHub](https://github.com/sysdiglabs/secure-inline-scan-examples/tree/main/github) -* [Tekton](https://github.com/sysdiglabs/secure-inline-scan-examples/tree/main/tekton) - * [Tekton alpha API](https://github.com/sysdiglabs/secure-inline-scan-examples/tree/main/tekton/alpha) - * [Tekton beta API](https://github.com/sysdiglabs/secure-inline-scan-examples/tree/main/tekton/beta) -* Unprivileged Docker - * [Scan from local build](https://github.com/sysdiglabs/secure-inline-scan-examples/blob/main/unprivileged-docker/localbuild_scan.sh) - * [Scan from registry](https://github.com/sysdiglabs/secure-inline-scan-examples/blob/main/unprivileged-docker/registry_scan.sh) +## Vulneratbility Management Engine (new scan engine) + +* [AWS Codebuild](https://github.com/sysdiglabs/secure-inline-scan-examples/tree/main/aws-codebuild/new-scan-engine) +* [Azure Pipelines](https://github.com/sysdiglabs/secure-inline-scan-examples/tree/main/azure-pipelines/new-scan-engine) +* [GitLab](https://github.com/sysdiglabs/secure-inline-scan-examples/tree/main/gitlab/new-scan-engine) +* [GitHub](https://github.com/sysdiglabs/secure-inline-scan-examples/tree/main/github/new-scan-engine) +* [Jenkins](https://github.com/sysdiglabs/secure-inline-scan-examples/tree/main/jenkins/new-scan-engine) + + +## Legacy Scanner Engine (old scan engine) + +* [Azure Pipelines](https://github.com/sysdiglabs/secure-inline-scan-examples/tree/main/azure-pipelines/old-scan-engine) +* [GitLab](https://github.com/sysdiglabs/secure-inline-scan-examples/tree/main/gitlab/old-scan-engine) +* [GitHub](https://github.com/sysdiglabs/secure-inline-scan-examples/tree/main/github/old-scan-engine) +* [Google Cloud Build](https://github.com/sysdiglabs/secure-inline-scan-examples/tree/main/google-cloud-build/old-scan-engine) +* [Jenkins](https://github.com/sysdiglabs/secure-inline-scan-examples/tree/main/jenkins/old-scan-engine) + * [Scan from repository](https://github.com/sysdiglabs/secure-inline-scan-examples/tree/main/jenkins/old-scan-engine/jenkins-scan-from-repo) + * [Build and scan](https://github.com/sysdiglabs/secure-inline-scan-examples/tree/main/jenkins/old-scan-engine/jenkins-build-and-scan) + * [Build, push and scan from repository](https://github.com/sysdiglabs/secure-inline-scan-examples/tree/main/jenkins/old-scan-engine/jenkins-build-push-scan-from-repo) + * [Build, push and scan using Openshift internal registry](https://github.com/sysdiglabs/secure-inline-scan-examples/tree/main/jenkins/old-scan-engine/jenkins-openshift-internal-registry) +* [Tekton](https://github.com/sysdiglabs/secure-inline-scan-examples/tree/main/tekton/old-scan-engine) + * [Tekton alpha API](https://github.com/sysdiglabs/secure-inline-scan-examples/tree/main/tekton/old-scan-engine/alpha) + * [Tekton beta API](https://github.com/sysdiglabs/secure-inline-scan-examples/tree/main/tekton/old-scan-engine/beta) +* [Unprivileged Docker](https://github.com/sysdiglabs/secure-inline-scan-examples/blob/main/unprivileged-docker/old-scan-engine) + * [Scan from local build](https://github.com/sysdiglabs/secure-inline-scan-examples/blob/main/unprivileged-docker/old-scan-engine/localbuild_scan.sh) + * [Scan from registry](https://github.com/sysdiglabs/secure-inline-scan-examples/blob/main/unprivileged-docker/old-scan-engine/registry_scan.sh) # Other sources of information -The following content is related to inline scanning, and lives outside this repository. - ## Integrations These integrations have a specific entry in their respective CI/CD catalogs: - * [Jenkins plugin](https://plugins.jenkins.io/sysdig-secure/) - * [GitHub Action](https://github.com/marketplace/actions/sysdig-secure-inline-scan) + * [Jenkins plugin (both new and old scan engines)](https://plugins.jenkins.io/sysdig-secure/) + * [GitHub Action (old scan engine)](https://github.com/marketplace/actions/sysdig-secure-inline-scan) ## Documentation pages -Official documentation pages must be current to the features provided by the inline scanner, but their explanations may be brief: - -* [CI/CD and Registry Scanning with Runtime Vulnerability Reporting](https://sysdig.com/products/secure/image-scanning/) (main Sysdig web page) -* [Image Scanning](https://docs.sysdig.com/en/scanning.html) (Sysdig Documentation website) -* [Image Scanning - Integrate with CI/CD Tools](https://docs.sysdig.com/en/integrate-with-ci-cd-tools.html) +* [Sysdig - Vulnerability Management](https://docs.sysdig.com/en/docs/sysdig-secure/vulnerabilities/) +* [Sysdig - Scanning (Legacy)](https://docs.sysdig.com/en/docs/sysdig-secure/scanning/) ## Blog articles @@ -181,7 +292,7 @@ Blog articles contain detailed step by step information, but may be out of date * [Image Scanning with Github Actions](https://sysdig.com/blog/image-scanning-github-actions/) 📅 2020-01-14 * [AWS ECR Scanning with Sysdig Secure](https://sysdig.com/blog/aws-ecr-scanning/) 📅 2019-11-26 * [Inline Image Scanning for AWS CodePipeline and AWS CodeBuild](https://sysdig.com/blog/image-scanning-aws-codepipeline-codebuild/) 📅 2019-11-26 -* [Image scanning for Azure Pipelines](https://sysdig.com/blog/image-scanning-azure-pipelines/) 📅 2019-10-29 +* [Image scanning for Azure Pipelines](https://sysdig.com/blog/image-scanning-azure-pipelines/) 📅 2022-09-19 * [Docker scanning for Jenkins CI/CD security with the Sysdig Secure plugin](https://sysdig.com/blog/docker-scanning-jenkins/) 📅 2018-09-05 # Contributing diff --git a/github/Dockerfile b/github/new-scan-engine/Dockerfile similarity index 100% rename from github/Dockerfile rename to github/new-scan-engine/Dockerfile diff --git a/github/README.md b/github/new-scan-engine/README.md similarity index 100% rename from github/README.md rename to github/new-scan-engine/README.md diff --git a/github/build-scan-and-push.yaml b/github/new-scan-engine/build-scan-and-push.yaml similarity index 100% rename from github/build-scan-and-push.yaml rename to github/new-scan-engine/build-scan-and-push.yaml diff --git a/github/old-scan-engine/README.md b/github/old-scan-engine/README.md new file mode 100644 index 0000000..6e49602 --- /dev/null +++ b/github/old-scan-engine/README.md @@ -0,0 +1,17 @@ +# GitHub CI Demo + +In this demo we will use GitHub actions to build, scan and push a container image. + +The workflow is based on the [sysdiglabs/dummy-vuln-app](https://github.com/sysdiglabs/dummy-vuln-app) application and and uses the [Sysdiglabs/scan-action](https://github.com/sysdiglabs/scan-action) GitHub action to scan it. + +The workflow is as follows: + +1. Build the container image and store it locally +2. Perform the scan using the [Sysdiglabs/scan-action](https://github.com/sysdiglabs/scan-action) +3. Upload a SARIF report + +## Setup + +It is required to create a repository secret to store the Sysdig Token: + +* `SYSDIG_SECURE_TOKEN`: Sysdig Token diff --git a/github/old-scan-engine/sysdig_buildscan.yaml b/github/old-scan-engine/sysdig_buildscan.yaml new file mode 100644 index 0000000..89c0589 --- /dev/null +++ b/github/old-scan-engine/sysdig_buildscan.yaml @@ -0,0 +1,33 @@ +ame: Sysdig - Build, scan and push Docker Image + +on: [push, repository_dispatch] + +jobs: + + build: + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v1 + + - name: Build the Docker image + run: docker build . --file Dockerfile --tag sysdiglabs/dummy-vuln-app:latest + + - name: Sysdig Secure Inline Scan + id: scan + uses: sysdiglabs/scan-action@v3 + with: + # Tag of the image to analyse + image-tag: "sysdiglabs/dummy-vuln-app:latest" + # API token for Sysdig Scanning auth + sysdig-secure-token: ${{ secrets.SYSDIG_SECURE_TOKEN }} + dockerfile-path: ./Dockerfile + input-type: docker-daemon + run-as-user: root + ignore-failed-scan: true + + - uses: github/codeql-action/upload-sarif@v1 + if: always() + with: + sarif_file: ${{ steps.scan.outputs.sarifReport }} \ No newline at end of file diff --git a/google-cloud-build/README.md b/google-cloud-build/old-scan-engine/README.md similarity index 100% rename from google-cloud-build/README.md rename to google-cloud-build/old-scan-engine/README.md diff --git a/google-cloud-build/cloud-build-workflow-inline-scan.drawio.svg b/google-cloud-build/old-scan-engine/cloud-build-workflow-inline-scan.drawio.svg similarity index 100% rename from google-cloud-build/cloud-build-workflow-inline-scan.drawio.svg rename to google-cloud-build/old-scan-engine/cloud-build-workflow-inline-scan.drawio.svg diff --git a/google-cloud-build/cloudbuild.yaml b/google-cloud-build/old-scan-engine/cloudbuild.yaml similarity index 100% rename from google-cloud-build/cloudbuild.yaml rename to google-cloud-build/old-scan-engine/cloudbuild.yaml diff --git a/google-cloud-build/hello-world-node-vulnerable/.dockerignore b/google-cloud-build/old-scan-engine/hello-world-node-vulnerable/.dockerignore similarity index 100% rename from google-cloud-build/hello-world-node-vulnerable/.dockerignore rename to google-cloud-build/old-scan-engine/hello-world-node-vulnerable/.dockerignore diff --git a/google-cloud-build/hello-world-node-vulnerable/.gitignore b/google-cloud-build/old-scan-engine/hello-world-node-vulnerable/.gitignore similarity index 100% rename from google-cloud-build/hello-world-node-vulnerable/.gitignore rename to google-cloud-build/old-scan-engine/hello-world-node-vulnerable/.gitignore diff --git a/google-cloud-build/hello-world-node-vulnerable/Dockerfile b/google-cloud-build/old-scan-engine/hello-world-node-vulnerable/Dockerfile similarity index 100% rename from google-cloud-build/hello-world-node-vulnerable/Dockerfile rename to google-cloud-build/old-scan-engine/hello-world-node-vulnerable/Dockerfile diff --git a/google-cloud-build/hello-world-node-vulnerable/README.md b/google-cloud-build/old-scan-engine/hello-world-node-vulnerable/README.md similarity index 100% rename from google-cloud-build/hello-world-node-vulnerable/README.md rename to google-cloud-build/old-scan-engine/hello-world-node-vulnerable/README.md diff --git a/google-cloud-build/hello-world-node-vulnerable/package.json b/google-cloud-build/old-scan-engine/hello-world-node-vulnerable/package.json similarity index 100% rename from google-cloud-build/hello-world-node-vulnerable/package.json rename to google-cloud-build/old-scan-engine/hello-world-node-vulnerable/package.json diff --git a/google-cloud-build/hello-world-node-vulnerable/server.js b/google-cloud-build/old-scan-engine/hello-world-node-vulnerable/server.js similarity index 100% rename from google-cloud-build/hello-world-node-vulnerable/server.js rename to google-cloud-build/old-scan-engine/hello-world-node-vulnerable/server.js diff --git a/google-cloud-build/project_id b/google-cloud-build/old-scan-engine/project_id similarity index 100% rename from google-cloud-build/project_id rename to google-cloud-build/old-scan-engine/project_id diff --git a/jenkins/new-engine-scan/Jenkinsfile b/jenkins/new-scan-engine/Jenkinsfile similarity index 100% rename from jenkins/new-engine-scan/Jenkinsfile rename to jenkins/new-scan-engine/Jenkinsfile diff --git a/jenkins/new-engine-scan/README.md b/jenkins/new-scan-engine/README.md similarity index 100% rename from jenkins/new-engine-scan/README.md rename to jenkins/new-scan-engine/README.md diff --git a/jenkins/README.md b/jenkins/old-scan-engine/README.md similarity index 100% rename from jenkins/README.md rename to jenkins/old-scan-engine/README.md diff --git a/deprecated-jenkins-inline-scan-v1/Jenkinsfile b/jenkins/old-scan-engine/deprecated-jenkins-inline-scan-v1/Jenkinsfile similarity index 100% rename from deprecated-jenkins-inline-scan-v1/Jenkinsfile rename to jenkins/old-scan-engine/deprecated-jenkins-inline-scan-v1/Jenkinsfile diff --git a/deprecated-jenkins-inline-scan-v1/README.md b/jenkins/old-scan-engine/deprecated-jenkins-inline-scan-v1/README.md similarity index 100% rename from deprecated-jenkins-inline-scan-v1/README.md rename to jenkins/old-scan-engine/deprecated-jenkins-inline-scan-v1/README.md diff --git a/jenkins/jenkins-build-and-scan/Jenkinsfile b/jenkins/old-scan-engine/jenkins-build-and-scan/Jenkinsfile similarity index 100% rename from jenkins/jenkins-build-and-scan/Jenkinsfile rename to jenkins/old-scan-engine/jenkins-build-and-scan/Jenkinsfile diff --git a/jenkins/jenkins-build-and-scan/README.md b/jenkins/old-scan-engine/jenkins-build-and-scan/README.md similarity index 100% rename from jenkins/jenkins-build-and-scan/README.md rename to jenkins/old-scan-engine/jenkins-build-and-scan/README.md diff --git a/jenkins/jenkins-build-push-scan-from-repo/Jenkinsfile b/jenkins/old-scan-engine/jenkins-build-push-scan-from-repo/Jenkinsfile similarity index 100% rename from jenkins/jenkins-build-push-scan-from-repo/Jenkinsfile rename to jenkins/old-scan-engine/jenkins-build-push-scan-from-repo/Jenkinsfile diff --git a/jenkins/jenkins-build-push-scan-from-repo/README.md b/jenkins/old-scan-engine/jenkins-build-push-scan-from-repo/README.md similarity index 100% rename from jenkins/jenkins-build-push-scan-from-repo/README.md rename to jenkins/old-scan-engine/jenkins-build-push-scan-from-repo/README.md diff --git a/jenkins/jenkins-openshift-internal-registry/Jenkinsfile b/jenkins/old-scan-engine/jenkins-openshift-internal-registry/Jenkinsfile similarity index 100% rename from jenkins/jenkins-openshift-internal-registry/Jenkinsfile rename to jenkins/old-scan-engine/jenkins-openshift-internal-registry/Jenkinsfile diff --git a/jenkins/jenkins-openshift-internal-registry/README.md b/jenkins/old-scan-engine/jenkins-openshift-internal-registry/README.md similarity index 100% rename from jenkins/jenkins-openshift-internal-registry/README.md rename to jenkins/old-scan-engine/jenkins-openshift-internal-registry/README.md diff --git a/jenkins/jenkins-scan-from-repo/Jenkinsfile b/jenkins/old-scan-engine/jenkins-scan-from-repo/Jenkinsfile similarity index 100% rename from jenkins/jenkins-scan-from-repo/Jenkinsfile rename to jenkins/old-scan-engine/jenkins-scan-from-repo/Jenkinsfile diff --git a/jenkins/jenkins-scan-from-repo/README.md b/jenkins/old-scan-engine/jenkins-scan-from-repo/README.md similarity index 100% rename from jenkins/jenkins-scan-from-repo/README.md rename to jenkins/old-scan-engine/jenkins-scan-from-repo/README.md diff --git a/output-format/README.md b/output-format/old-scan-engine/README.md similarity index 100% rename from output-format/README.md rename to output-format/old-scan-engine/README.md diff --git a/output-format/run-inline-scan.sh b/output-format/old-scan-engine/run-inline-scan.sh similarity index 100% rename from output-format/run-inline-scan.sh rename to output-format/old-scan-engine/run-inline-scan.sh diff --git a/tekton/README.md b/tekton/old-scan-engine/README.md similarity index 100% rename from tekton/README.md rename to tekton/old-scan-engine/README.md diff --git a/tekton/alpha/sample-registry-secrets.yaml b/tekton/old-scan-engine/alpha/sample-registry-secrets.yaml similarity index 100% rename from tekton/alpha/sample-registry-secrets.yaml rename to tekton/old-scan-engine/alpha/sample-registry-secrets.yaml diff --git a/tekton/alpha/sample-sysdig-secrets.yaml b/tekton/old-scan-engine/alpha/sample-sysdig-secrets.yaml similarity index 100% rename from tekton/alpha/sample-sysdig-secrets.yaml rename to tekton/old-scan-engine/alpha/sample-sysdig-secrets.yaml diff --git a/tekton/alpha/tekton-inline-scan-localbuild-alpha.yaml b/tekton/old-scan-engine/alpha/tekton-inline-scan-localbuild-alpha.yaml similarity index 100% rename from tekton/alpha/tekton-inline-scan-localbuild-alpha.yaml rename to tekton/old-scan-engine/alpha/tekton-inline-scan-localbuild-alpha.yaml diff --git a/tekton/alpha/tekton-inline-scan-registry-alpha.yaml b/tekton/old-scan-engine/alpha/tekton-inline-scan-registry-alpha.yaml similarity index 100% rename from tekton/alpha/tekton-inline-scan-registry-alpha.yaml rename to tekton/old-scan-engine/alpha/tekton-inline-scan-registry-alpha.yaml diff --git a/tekton/beta/sample-registry-secrets-beta.sh b/tekton/old-scan-engine/beta/sample-registry-secrets-beta.sh similarity index 100% rename from tekton/beta/sample-registry-secrets-beta.sh rename to tekton/old-scan-engine/beta/sample-registry-secrets-beta.sh diff --git a/tekton/beta/sample-sysdig-secrets.yaml b/tekton/old-scan-engine/beta/sample-sysdig-secrets.yaml similarity index 100% rename from tekton/beta/sample-sysdig-secrets.yaml rename to tekton/old-scan-engine/beta/sample-sysdig-secrets.yaml diff --git a/tekton/beta/service-role.sh b/tekton/old-scan-engine/beta/service-role.sh similarity index 100% rename from tekton/beta/service-role.sh rename to tekton/old-scan-engine/beta/service-role.sh diff --git a/tekton/beta/tekton-inline-scan-localbuild-beta.yaml b/tekton/old-scan-engine/beta/tekton-inline-scan-localbuild-beta.yaml similarity index 100% rename from tekton/beta/tekton-inline-scan-localbuild-beta.yaml rename to tekton/old-scan-engine/beta/tekton-inline-scan-localbuild-beta.yaml diff --git a/tekton/beta/tekton-inline-scan-registry-beta.yaml b/tekton/old-scan-engine/beta/tekton-inline-scan-registry-beta.yaml similarity index 100% rename from tekton/beta/tekton-inline-scan-registry-beta.yaml rename to tekton/old-scan-engine/beta/tekton-inline-scan-registry-beta.yaml diff --git a/tekton/test/alpha/delete-credentials.sh b/tekton/old-scan-engine/test/alpha/delete-credentials.sh similarity index 100% rename from tekton/test/alpha/delete-credentials.sh rename to tekton/old-scan-engine/test/alpha/delete-credentials.sh diff --git a/tekton/test/alpha/delete-pipeline-localbuild.sh b/tekton/old-scan-engine/test/alpha/delete-pipeline-localbuild.sh similarity index 100% rename from tekton/test/alpha/delete-pipeline-localbuild.sh rename to tekton/old-scan-engine/test/alpha/delete-pipeline-localbuild.sh diff --git a/tekton/test/alpha/delete-pipeline-registry.sh b/tekton/old-scan-engine/test/alpha/delete-pipeline-registry.sh similarity index 100% rename from tekton/test/alpha/delete-pipeline-registry.sh rename to tekton/old-scan-engine/test/alpha/delete-pipeline-registry.sh diff --git a/tekton/test/alpha/delete-tekton-alpha.sh b/tekton/old-scan-engine/test/alpha/delete-tekton-alpha.sh similarity index 100% rename from tekton/test/alpha/delete-tekton-alpha.sh rename to tekton/old-scan-engine/test/alpha/delete-tekton-alpha.sh diff --git a/tekton/test/alpha/init-tekton-alpha.sh b/tekton/old-scan-engine/test/alpha/init-tekton-alpha.sh similarity index 100% rename from tekton/test/alpha/init-tekton-alpha.sh rename to tekton/old-scan-engine/test/alpha/init-tekton-alpha.sh diff --git a/tekton/test/alpha/prepare-credentials.sh b/tekton/old-scan-engine/test/alpha/prepare-credentials.sh similarity index 100% rename from tekton/test/alpha/prepare-credentials.sh rename to tekton/old-scan-engine/test/alpha/prepare-credentials.sh diff --git a/tekton/test/alpha/run-pipeline-localbuild.sh b/tekton/old-scan-engine/test/alpha/run-pipeline-localbuild.sh similarity index 100% rename from tekton/test/alpha/run-pipeline-localbuild.sh rename to tekton/old-scan-engine/test/alpha/run-pipeline-localbuild.sh diff --git a/tekton/test/alpha/run-pipeline-registry.sh b/tekton/old-scan-engine/test/alpha/run-pipeline-registry.sh similarity index 100% rename from tekton/test/alpha/run-pipeline-registry.sh rename to tekton/old-scan-engine/test/alpha/run-pipeline-registry.sh diff --git a/tekton/test/alpha/wait-tekton-ready.sh b/tekton/old-scan-engine/test/alpha/wait-tekton-ready.sh similarity index 100% rename from tekton/test/alpha/wait-tekton-ready.sh rename to tekton/old-scan-engine/test/alpha/wait-tekton-ready.sh diff --git a/tekton/test/beta/delete-credentials.sh b/tekton/old-scan-engine/test/beta/delete-credentials.sh similarity index 100% rename from tekton/test/beta/delete-credentials.sh rename to tekton/old-scan-engine/test/beta/delete-credentials.sh diff --git a/tekton/test/beta/delete-pipeline-localbuild.sh b/tekton/old-scan-engine/test/beta/delete-pipeline-localbuild.sh similarity index 100% rename from tekton/test/beta/delete-pipeline-localbuild.sh rename to tekton/old-scan-engine/test/beta/delete-pipeline-localbuild.sh diff --git a/tekton/test/beta/delete-pipeline-registry.sh b/tekton/old-scan-engine/test/beta/delete-pipeline-registry.sh similarity index 100% rename from tekton/test/beta/delete-pipeline-registry.sh rename to tekton/old-scan-engine/test/beta/delete-pipeline-registry.sh diff --git a/tekton/test/beta/delete-tekton-beta.sh b/tekton/old-scan-engine/test/beta/delete-tekton-beta.sh similarity index 100% rename from tekton/test/beta/delete-tekton-beta.sh rename to tekton/old-scan-engine/test/beta/delete-tekton-beta.sh diff --git a/tekton/test/beta/init-tekton-beta.sh b/tekton/old-scan-engine/test/beta/init-tekton-beta.sh similarity index 100% rename from tekton/test/beta/init-tekton-beta.sh rename to tekton/old-scan-engine/test/beta/init-tekton-beta.sh diff --git a/tekton/test/beta/prepare-credentials.sh b/tekton/old-scan-engine/test/beta/prepare-credentials.sh similarity index 100% rename from tekton/test/beta/prepare-credentials.sh rename to tekton/old-scan-engine/test/beta/prepare-credentials.sh diff --git a/tekton/test/beta/run-pipeline-localbuild.sh b/tekton/old-scan-engine/test/beta/run-pipeline-localbuild.sh similarity index 100% rename from tekton/test/beta/run-pipeline-localbuild.sh rename to tekton/old-scan-engine/test/beta/run-pipeline-localbuild.sh diff --git a/tekton/test/beta/run-pipeline-registry.sh b/tekton/old-scan-engine/test/beta/run-pipeline-registry.sh similarity index 100% rename from tekton/test/beta/run-pipeline-registry.sh rename to tekton/old-scan-engine/test/beta/run-pipeline-registry.sh diff --git a/tekton/test/beta/wait-tekton-ready.sh b/tekton/old-scan-engine/test/beta/wait-tekton-ready.sh similarity index 100% rename from tekton/test/beta/wait-tekton-ready.sh rename to tekton/old-scan-engine/test/beta/wait-tekton-ready.sh diff --git a/tekton/test/delete-crc.sh b/tekton/old-scan-engine/test/delete-crc.sh similarity index 100% rename from tekton/test/delete-crc.sh rename to tekton/old-scan-engine/test/delete-crc.sh diff --git a/tekton/test/delete-test-alpha-localbuild.sh b/tekton/old-scan-engine/test/delete-test-alpha-localbuild.sh similarity index 100% rename from tekton/test/delete-test-alpha-localbuild.sh rename to tekton/old-scan-engine/test/delete-test-alpha-localbuild.sh diff --git a/tekton/test/delete-test-alpha-registry.sh b/tekton/old-scan-engine/test/delete-test-alpha-registry.sh similarity index 100% rename from tekton/test/delete-test-alpha-registry.sh rename to tekton/old-scan-engine/test/delete-test-alpha-registry.sh diff --git a/tekton/test/delete-test-beta-localbuild.sh b/tekton/old-scan-engine/test/delete-test-beta-localbuild.sh similarity index 100% rename from tekton/test/delete-test-beta-localbuild.sh rename to tekton/old-scan-engine/test/delete-test-beta-localbuild.sh diff --git a/tekton/test/delete-test-beta-registry.sh b/tekton/old-scan-engine/test/delete-test-beta-registry.sh similarity index 100% rename from tekton/test/delete-test-beta-registry.sh rename to tekton/old-scan-engine/test/delete-test-beta-registry.sh diff --git a/tekton/test/init/kubernetes-namespace.sh b/tekton/old-scan-engine/test/init/kubernetes-namespace.sh similarity index 100% rename from tekton/test/init/kubernetes-namespace.sh rename to tekton/old-scan-engine/test/init/kubernetes-namespace.sh diff --git a/tekton/test/init/oc-login.sh b/tekton/old-scan-engine/test/init/oc-login.sh similarity index 100% rename from tekton/test/init/oc-login.sh rename to tekton/old-scan-engine/test/init/oc-login.sh diff --git a/tekton/test/init/openshift-project.sh b/tekton/old-scan-engine/test/init/openshift-project.sh similarity index 100% rename from tekton/test/init/openshift-project.sh rename to tekton/old-scan-engine/test/init/openshift-project.sh diff --git a/tekton/test/logs.sh b/tekton/old-scan-engine/test/logs.sh similarity index 100% rename from tekton/test/logs.sh rename to tekton/old-scan-engine/test/logs.sh diff --git a/tekton/test/port-forwarding.sh b/tekton/old-scan-engine/test/port-forwarding.sh similarity index 100% rename from tekton/test/port-forwarding.sh rename to tekton/old-scan-engine/test/port-forwarding.sh diff --git a/tekton/test/start-prepare-crc.sh b/tekton/old-scan-engine/test/start-prepare-crc.sh similarity index 100% rename from tekton/test/start-prepare-crc.sh rename to tekton/old-scan-engine/test/start-prepare-crc.sh diff --git a/tekton/test/test-alpha-localbuild.sh b/tekton/old-scan-engine/test/test-alpha-localbuild.sh similarity index 100% rename from tekton/test/test-alpha-localbuild.sh rename to tekton/old-scan-engine/test/test-alpha-localbuild.sh diff --git a/tekton/test/test-alpha-registry.sh b/tekton/old-scan-engine/test/test-alpha-registry.sh similarity index 100% rename from tekton/test/test-alpha-registry.sh rename to tekton/old-scan-engine/test/test-alpha-registry.sh diff --git a/tekton/test/test-beta-localbuild.sh b/tekton/old-scan-engine/test/test-beta-localbuild.sh similarity index 100% rename from tekton/test/test-beta-localbuild.sh rename to tekton/old-scan-engine/test/test-beta-localbuild.sh diff --git a/tekton/test/test-beta-registry.sh b/tekton/old-scan-engine/test/test-beta-registry.sh similarity index 100% rename from tekton/test/test-beta-registry.sh rename to tekton/old-scan-engine/test/test-beta-registry.sh diff --git a/unprivileged-docker/localbuild_scan.sh b/unprivileged-docker/old-scan-engine/localbuild_scan.sh similarity index 100% rename from unprivileged-docker/localbuild_scan.sh rename to unprivileged-docker/old-scan-engine/localbuild_scan.sh diff --git a/unprivileged-docker/registry_scan.sh b/unprivileged-docker/old-scan-engine/registry_scan.sh similarity index 100% rename from unprivileged-docker/registry_scan.sh rename to unprivileged-docker/old-scan-engine/registry_scan.sh