-
Notifications
You must be signed in to change notification settings - Fork 4
/
action.yaml
42 lines (39 loc) · 1.7 KB
/
action.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
name: 'Contrast Verify'
description: 'Verify Contrast Application by Job Outcome Policy or Vulnerability Count'
branding:
icon: 'shield'
color: 'green'
inputs:
apiKey:
description: 'Contrast User/Service Account API Key'
required: true
orgId:
description: 'Contrast Organization ID'
required: true
apiUrl:
description: 'URL of your Contrast Teamserver Instance (should begin with https:// or http://)'
default: 'https://app.contrastsecurity.com'
serviceKey:
description: 'Contrast User/Service Account service key. Required if authorization not passed.'
authHeader:
description: 'Contrast User/Service Account Authorization Header. Required if username and service key not passed.'
userName:
description: 'Contrast User/Service Account username. Required if authorization not passed.'
appId:
description: 'ID of the application to verify against. Required if app_name not passed.'
appName:
description: 'Name of the application to verify against. Required if app_id not passed.'
buildNumber:
description: 'Build number / application version to check vulnerabilities against.'
failThreshold:
description: 'Number of vulnerabilities that are needed to fail the build (not used if there is a defined job outcome policy)'
default: '0'
jobStartTime:
description: 'Filter vulnerabilities first found after this timestamp (formatted in milliseconds since the epoch)'
default: '0'
severities:
description: 'Comma separated list of vulnerability severities to consider (not used if there is a defined job outcome policy)'
default: 'CRITICAL,HIGH'
runs:
using: 'docker'
image: 'docker://ghcr.io/contrast-security-oss/integration-verify:main'