forked from aquasecurity/trivy-action
-
Notifications
You must be signed in to change notification settings - Fork 0
/
action.yaml
117 lines (116 loc) · 3.55 KB
/
action.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
name: "Aqua Security Trivy"
description: "Scans container images for vulnerabilities with Trivy"
author: "Aqua Security"
inputs:
scan-type:
description: "Scan type to use for scanning vulnerability"
required: false
default: "image"
image-ref:
description: "image reference(for backward compatibility)"
required: true
input:
description: "reference of tar file to scan"
required: false
default: ""
scan-ref:
description: "Scan reference"
required: false
default: "."
exit-code:
description: "exit code when vulnerabilities were found"
required: false
ignore-unfixed:
description: "ignore unfixed vulnerabilities"
required: false
default: "false"
vuln-type:
description: "comma-separated list of vulnerability types (os,library)"
required: false
default: "os,library"
severity:
description: "severities of vulnerabilities to be displayed"
required: false
default: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"
format:
description: "output format (table, json, template)"
required: false
default: "table"
template:
description: "use an existing template for rendering output (@/contrib/gitlab.tpl, @/contrib/junit.tpl, @/contrib/html.tpl)"
required: false
default: ""
output:
description: "writes results to a file with the specified file name"
required: false
default: ""
skip-dirs:
description: "comma separated list of directories where traversal is skipped"
required: false
default: ""
skip-files:
description: "comma separated list of files to be skipped"
required: false
default: ""
cache-dir:
description: "specify where the cache is stored"
required: false
default: ""
timeout:
description: "timeout (default 5m0s)"
required: false
default: ""
ignore-policy:
description: "filter vulnerabilities with OPA rego language"
required: false
default: ""
hide-progress:
description: "hide progress output"
required: false
list-all-pkgs:
description: "output all packages regardless of vulnerability"
required: false
default: "false"
security-checks:
description: "comma-separated list of what security issues to detect"
required: false
default: ""
trivyignores:
description: "comma-separated list of relative paths in repository to one or more .trivyignore files"
required: false
default: ""
artifact-type:
description: "input artifact type (image, fs, repo, archive) for SBOM generation"
required: false
github-pat:
description: "GitHub Personal Access Token (PAT) for submitting SBOM to GitHub Dependency Snapshot API"
required: false
trivy-config:
description: "path to trivy.yaml config"
required: false
runs:
using: "docker"
image: "Dockerfile"
args:
- "-a ${{ inputs.scan-type }}"
- "-b ${{ inputs.format }}"
- "-c ${{ inputs.template }}"
- "-d ${{ inputs.exit-code }}"
- "-e ${{ inputs.ignore-unfixed }}"
- "-f ${{ inputs.vuln-type }}"
- "-g ${{ inputs.severity }}"
- "-h ${{ inputs.output }}"
- "-i ${{ inputs.image-ref }}"
- "-j ${{ inputs.scan-ref }}"
- "-k ${{ inputs.skip-dirs }}"
- "-l ${{ inputs.input }}"
- "-m ${{ inputs.cache-dir }}"
- "-n ${{ inputs.timeout }}"
- "-o ${{ inputs.ignore-policy }}"
- "-p ${{ inputs.hide-progress }}"
- "-q ${{ inputs.skip-files }}"
- "-r ${{ inputs.list-all-pkgs }}"
- "-s ${{ inputs.security-checks }}"
- "-t ${{ inputs.trivyignores }}"
- "-u ${{ inputs.github-pat }}"
- "-v ${{ inputs.trivy-config }}"