This repository was archived by the owner on Jun 29, 2021. It is now read-only.
forked from lazy-actions/gitrivy
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathaction.yml
59 lines (56 loc) · 1.65 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
name: 'GHA Trivy'
description: 'Scan docker image vulnerability using Trivy and create GitHub Issue'
author: 'homoluctus'
inputs:
trivy_version:
description: 'Trivy version'
default: 'latest'
required: false
image:
description: 'The target image name of vulnerability scan (specify this parameter or "IMAGE_NAME" environment variable'
required: false
severity:
description: 'severities of vulnerabilities (separated by commma)'
default: 'HIGH,CRITICAL'
required: false
vuln_type:
description: 'target vlunerability [os,library] (separated by commma)'
default: 'os,library'
required: false
ignore_unfixed:
description: 'Ignore unfixed vulnerabilities [true, false]'
default: 'false'
required: false
issue:
description: 'Decide whether to create a issue when vulnerabilities are found [true, false]'
default: 'true'
required: false
token:
description: 'GitHub access token used to create a issue'
required: false
issue_title:
description: 'Issue title'
default: 'Security Alert'
required: false
issue_label:
description: 'Issue label (separated by commma)'
default: 'trivy,vulnerability'
required: false
issue_assignee:
description: 'Issue assignee (separated by commma)'
required: false
fail_on_vulnerabilities:
description: Whether the action should fail if a vulnerability was found
default: 'false'
required: false
outputs:
issue_number:
description: 'The created issue number'
html_url:
description: 'The URL to view the issue'
runs:
using: 'node12'
main: 'dist/index.js'
branding:
icon: 'pocket'
color: 'purple'