Compare commits
6 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
ac8de07fd1 | ||
|
|
09b815c470 | ||
|
|
0ce0e69d98 | ||
|
|
dba83feec8 | ||
|
|
c9017eb417 | ||
|
|
4ef054abe6 |
+1
-1
@@ -1,4 +1,4 @@
|
||||
FROM aquasec/trivy:0.18.0
|
||||
FROM aquasec/trivy:0.18.1
|
||||
COPY entrypoint.sh /
|
||||
RUN apk --no-cache add bash
|
||||
RUN chmod +x /entrypoint.sh
|
||||
|
||||
@@ -284,13 +284,14 @@ Following inputs can be used as `step.with` keys:
|
||||
| `format` | String | `table` | Output format (`table`, `json`, `template`) |
|
||||
| `template` | String | | Output template (`@/contrib/sarif.tpl`, `@/contrib/gitlab.tpl`, `@/contrib/junit.tpl`)|
|
||||
| `output` | String | | Save results to a file |
|
||||
| `exit-code` | String | `0` | Exit code when vulnerabilities were found |
|
||||
| `exit-code` | String | `0` | Exit code when specified vulnerabilities are found |
|
||||
| `ignore-unfixed` | Boolean | false | Ignore unpatched/unfixed vulnerabilities |
|
||||
| `vuln-type` | String | `os,library` | Vulnerability types (os,library) |
|
||||
| `severity` | String | `UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL` | Severities of vulnerabilities to be displayed |
|
||||
| `severity` | String | `UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL` | Severities of vulnerabilities to scanned for and displayed |
|
||||
| `skip-dirs` | String | | Comma separated list of directories where traversal is skipped |
|
||||
| `cache-dir` | String | | Cache directory |
|
||||
| `timeout` | String | `2m0s` | Scan timeout duration |
|
||||
| `ignore-policy` | String | | Filter vulnerabilities with OPA rego language |
|
||||
|
||||
[release]: https://github.com/aquasecurity/trivy-action/releases/latest
|
||||
[release-img]: https://img.shields.io/github/release/aquasecurity/trivy-action.svg?logo=github
|
||||
|
||||
@@ -57,6 +57,10 @@ inputs:
|
||||
description: 'timeout (default 2m0s)'
|
||||
required: false
|
||||
default: ''
|
||||
ignore-policy:
|
||||
description: 'filter vulnerabilities with OPA rego language'
|
||||
required: false
|
||||
default: ''
|
||||
runs:
|
||||
using: 'docker'
|
||||
image: "Dockerfile"
|
||||
@@ -75,3 +79,4 @@ runs:
|
||||
- '-l ${{ inputs.input }}'
|
||||
- '-m ${{ inputs.cache-dir }}'
|
||||
- '-n ${{ inputs.timeout }}'
|
||||
- '-o ${{ inputs.ignore-policy }}'
|
||||
|
||||
+14
-5
@@ -1,6 +1,6 @@
|
||||
#!/bin/bash
|
||||
set -e
|
||||
while getopts "a:b:c:d:e:f:g:h:i:j:k:l:m:n:" o; do
|
||||
while getopts "a:b:c:d:e:f:g:h:i:j:k:l:m:n:o:" o; do
|
||||
case "${o}" in
|
||||
a)
|
||||
export scanType=${OPTARG}
|
||||
@@ -44,6 +44,9 @@ while getopts "a:b:c:d:e:f:g:h:i:j:k:l:m:n:" o; do
|
||||
n)
|
||||
export timeout=${OPTARG}
|
||||
;;
|
||||
o)
|
||||
export ignorePolicy=${OPTARG}
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
@@ -58,6 +61,11 @@ if [ $input ]; then
|
||||
fi
|
||||
ignoreUnfixed=$(echo $ignoreUnfixed | tr -d '\r')
|
||||
|
||||
GLOBAL_ARGS=""
|
||||
if [ $cacheDir ];then
|
||||
GLOBAL_ARGS="$GLOBAL_ARGS --cache-dir $cacheDir"
|
||||
fi
|
||||
|
||||
ARGS=""
|
||||
if [ $format ];then
|
||||
ARGS="$ARGS --format $format"
|
||||
@@ -86,12 +94,13 @@ if [ $skipDirs ];then
|
||||
ARGS="$ARGS --skip-dirs $i"
|
||||
done
|
||||
fi
|
||||
if [ $cacheDir ];then
|
||||
ARGS="$ARGS --cache-dir $cacheDir"
|
||||
fi
|
||||
if [ $timeout ];then
|
||||
ARGS="$ARGS --timeout $timeout"
|
||||
fi
|
||||
if [ $ignorePolicy ];then
|
||||
ARGS="$ARGS --ignore-policy $ignorePolicy"
|
||||
fi
|
||||
|
||||
echo "Running trivy with options: " --no-progress "${ARGS}" "${artifactRef}"
|
||||
trivy ${scanType} --no-progress $ARGS ${artifactRef}
|
||||
echo "Global options: " "${GLOBAL_ARGS}"
|
||||
trivy $GLOBAL_ARGS ${scanType} --no-progress $ARGS ${artifactRef}
|
||||
|
||||
Reference in New Issue
Block a user