Fix docker host bug (#329 )

* Update entrypoint.sh should be a value not boolean * Update action.yaml add example * Update README.md
Browse scan reports without GitHub Advanced Security license (#328 )
3 changed files with 33 additions and 3 deletions
--- a/README.md
+++ b/README.md
@ -522,6 +522,35 @@ jobs:
          sarif_file: 'trivy-results.sarif'
 ```

+### Using Trivy if you don't have code scanning enabled
+
+It's also possible to browse a scan result in a workflow summary.
+
+This step is especially useful for private repositories without [GitHub Advanced Security](https://docs.github.com/en/get-started/learning-about-github/about-github-advanced-security) license.
+
+```yaml
+- name: Run Trivy scanner
+  uses: aquasecurity/trivy-action@master
+  with:
+    scan-type: config
+    hide-progress: true
+    output: trivy.txt
+
+- name: Publish Trivy Output to Summary
+  run: |
+    if [[ -s trivy.txt ]]; then
+      {
+        echo "### Security Output"
+        echo "<details><summary>Click to expand</summary>"
+        echo ""
+        echo '```terraform'
+        cat trivy.txt
+        echo '```'
+        echo "</details>"
+      } >> $GITHUB_STEP_SUMMARY
+    fi
+```
+
 ## Customizing

 Configuration priority:
@ -561,6 +590,7 @@ Following inputs can be used as `step.with` keys:
 | `trivy-config`               | String  |                                    | Path to trivy.yaml config                                                                                                                                      |
 | `github-pat`                 | String  |                                    | Authentication token to enable sending SBOM scan results to GitHub Dependency Graph. Can be either a GitHub Personal Access Token (PAT) or GITHUB_TOKEN        |
 | `limit-severities-for-sarif` | Boolean | false                              | By default *SARIF* format enforces output of all vulnerabilities regardless of configured severities. To override this behavior set this parameter to **true** |
+| `docker-host`                | String  |                                    | By default it is set to `unix://var/run/docker.sock`, but can be updated to help with containerized infrastructure values                                      |

 ### Environment variables
 You can use [Trivy environment variables][trivy-env] to set the necessary options (including flags that are not supported by [Inputs](#inputs), such as `--secret-config`).
--- a/action.yaml
+++ b/action.yaml
@ -95,7 +95,7 @@ inputs:
    description: 'limit severities for SARIF format'
    required: false
  docker-host:
-    description: 'unix domain socket path to use for docker scanning'
+    description: 'unix domain socket path to use for docker scanning, ex. unix:///var/run/docker.sock'
    required: false

 runs:
@ -126,4 +126,4 @@ runs:
    - '-v ${{ inputs.trivy-config }}'
    - '-x ${{ inputs.tf-vars }}'
    - '-z ${{ inputs.limit-severities-for-sarif }}'
-    - '-y ${{ inputs.docker-host }}'
+    - '-y ${{ inputs.docker-host }}'
--- a/entrypoint.sh
+++ b/entrypoint.sh
@ -168,7 +168,7 @@ if [ "$hideProgress" == "true" ];then
  ARGS="$ARGS --quiet"
  SARIF_ARGS="$SARIF_ARGS --quiet"
 fi
-if [ "$dockerHost" == "true" ];then
+if [ $dockerHost ];then
  ARGS="$ARGS --docker-host $dockerHost"
 fi
Author	SHA1	Message	Date
Lukas Gravley	207cd40078	Fix docker host bug (#329 ) * Update entrypoint.sh should be a value not boolean * Update action.yaml add example * Update README.md	1 month ago
uridium	840deb4908	Browse scan reports without GitHub Advanced Security license (#328 )	1 month ago