Compare commits
3 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
2b30463ddb | ||
|
|
d7a51817e8 | ||
|
|
9fbcc91008 |
2
.github/workflows/build.yaml
vendored
2
.github/workflows/build.yaml
vendored
@@ -1,7 +1,7 @@
|
||||
name: "build"
|
||||
on: [push, pull_request]
|
||||
env:
|
||||
TRIVY_VERSION: 0.25.0
|
||||
TRIVY_VERSION: 0.26.0
|
||||
jobs:
|
||||
build:
|
||||
name: build
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
FROM aquasec/trivy:0.25.0
|
||||
FROM aquasec/trivy:0.26.0
|
||||
COPY entrypoint.sh /
|
||||
RUN apk --no-cache add bash
|
||||
RUN chmod +x /entrypoint.sh
|
||||
|
||||
@@ -394,6 +394,7 @@ Following inputs can be used as `step.with` keys:
|
||||
| `timeout` | String | `5m0s` | Scan timeout duration |
|
||||
| `ignore-policy` | String | | Filter vulnerabilities with OPA rego language |
|
||||
| `list-all-pkgs` | String | | Output all packages regardless of vulnerability |
|
||||
| `security-checks`| String | `vuln` | comma-separated list of what security issues to detect (`vuln`,`config`)|
|
||||
|
||||
[release]: https://github.com/aquasecurity/trivy-action/releases/latest
|
||||
[release-img]: https://img.shields.io/github/release/aquasecurity/trivy-action.svg?logo=github
|
||||
|
||||
@@ -73,6 +73,10 @@ inputs:
|
||||
description: 'output all packages regardless of vulnerability'
|
||||
required: false
|
||||
default: 'false'
|
||||
security-checks:
|
||||
description: 'comma-separated list of what security issues to detect'
|
||||
required: false
|
||||
default: ''
|
||||
runs:
|
||||
using: 'docker'
|
||||
image: "Dockerfile"
|
||||
@@ -95,3 +99,4 @@ runs:
|
||||
- '-p ${{ inputs.hide-progress }}'
|
||||
- '-q ${{ inputs.skip-files }}'
|
||||
- '-r ${{ inputs.list-all-pkgs }}'
|
||||
- '-s ${{ inputs.security-checks }}'
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
#!/bin/bash
|
||||
set -e
|
||||
while getopts "a:b:c:d:e:f:g:h:i:j:k:l:m:n:o:p:q:r:" o; do
|
||||
while getopts "a:b:c:d:e:f:g:h:i:j:k:l:m:n:o:p:q:r:s:" o; do
|
||||
case "${o}" in
|
||||
a)
|
||||
export scanType=${OPTARG}
|
||||
@@ -56,6 +56,9 @@ while getopts "a:b:c:d:e:f:g:h:i:j:k:l:m:n:o:p:q:r:" o; do
|
||||
r)
|
||||
export listAllPkgs=${OPTARG}
|
||||
;;
|
||||
s)
|
||||
export securityChecks=${OPTARG}
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
@@ -95,6 +98,9 @@ if [ $vulnType ] && [ "$scanType" != "config" ];then
|
||||
ARGS="$ARGS --vuln-type $vulnType"
|
||||
SARIF_ARGS="$SARIF_ARGS --vuln-type $vulnType"
|
||||
fi
|
||||
if [ $securityChecks ] && [ "$scanType" == "fs" ];then
|
||||
ARGS="$ARGS --security-checks $securityChecks"
|
||||
fi
|
||||
if [ $severity ];then
|
||||
ARGS="$ARGS --severity $severity"
|
||||
fi
|
||||
|
||||
@@ -442,7 +442,7 @@
|
||||
}
|
||||
}
|
||||
],
|
||||
"version": "0.25.0"
|
||||
"version": "0.26.0"
|
||||
}
|
||||
},
|
||||
"results": [
|
||||
|
||||
@@ -35,6 +35,13 @@
|
||||
[ "$result" == '' ]
|
||||
}
|
||||
|
||||
@test "trivy fs with securityChecks option" {
|
||||
# trivy fs -f json --security-checks=vuln,config -o fs.test .
|
||||
./entrypoint.sh '-a fs' '-j .' '-b json' '-s vuln,config' '-h fs-scheck.test'
|
||||
result="$(diff ./test/data/fs.test fs.test)"
|
||||
[ "$result" == '' ]
|
||||
}
|
||||
|
||||
@test "trivy repo" {
|
||||
# trivy repo -f json -o repo.test --severity CRITICAL https://github.com/aquasecurity/trivy-action/
|
||||
./entrypoint.sh '-b json' '-h repo.test' '-g CRITICAL' '-a repo' '-j https://github.com/aquasecurity/trivy-action/'
|
||||
|
||||
Reference in New Issue
Block a user