andrew_zah
/
trivy-action
mirror of https://github.com/aquasecurity/trivy-action
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
update-to-v0.45.0
update-trivy-v0.43.1
bump-trivy-3
bump-trivy
add-support-for-trivy-config
fix-golden-files
exit-code-test
update-tarball-docs
volume-mounts
update-readme
revert-45-fix_sarif_duplicate_rule_id
knqyf263-patch-1
artifact_types
sarif-support-2
0.0.1
0.0.10
0.0.11
0.0.12
0.0.13
0.0.14
0.0.15
0.0.16
0.0.17
0.0.18
0.0.19
0.0.2
0.0.20
0.0.21
0.0.22
0.0.3
0.0.4
0.0.5
0.0.6
0.0.7
0.0.8
0.0.9
0.1.0
0.10.0
0.11.0
0.11.1
0.11.2
0.12.0
0.13.0
0.13.1
0.14.0
0.15.0
0.16.0
0.16.1
0.17.0
0.18.0
0.19.0
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.3.0
0.4.0
0.4.1
0.5.0
0.5.1
0.6.0
0.6.1
0.6.2
0.7.0
0.7.1
0.8.0
0.9.0
0.9.1
0.9.2
v0.0.10
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
trivy-action/action.yaml

130 lines
4.0 KiB
YAML
Raw Permalink Blame History

name: 'Aqua Security Trivy'
description: 'Scans container images for vulnerabilities with Trivy'
author: 'Aqua Security'
inputs:
scan-type:
description: 'Scan type to use for scanning vulnerability'
required: false
default: 'image'
image-ref:
description: 'image reference(for backward compatibility)'
required: false
input:
description: 'reference of tar file to scan'
required: false
default: ''
scan-ref:
description: 'Scan reference'
required: false
default: '.'
exit-code:
description: 'exit code when vulnerabilities were found'
required: false
ignore-unfixed:
description: 'ignore unfixed vulnerabilities'
required: false
default: 'false'
vuln-type:
description: 'comma-separated list of vulnerability types (os,library)'
required: false
default: 'os,library'
severity:
description: 'severities of vulnerabilities to be displayed'
required: false
default: 'UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL'
format:
description: 'output format (table, json, template)'
required: false
default: 'table'
template:
description: 'use an existing template for rendering output (@/contrib/gitlab.tpl, @/contrib/junit.tpl, @/contrib/html.tpl)'
required: false
default: ''
output:
description: 'writes results to a file with the specified file name'
required: false
default: ''
skip-dirs:
description: 'comma separated list of directories where traversal is skipped'
required: false
default: ''
skip-files:
description: 'comma separated list of files to be skipped'
required: false
default: ''
cache-dir:
description: 'specify where the cache is stored'
required: false
default: ''
timeout:
description: 'timeout (default 5m0s)'
required: false
default: ''
ignore-policy:
description: 'filter vulnerabilities with OPA rego language'
required: false
default: ''
hide-progress:
description: 'suppress progress bar and log output'
required: false
list-all-pkgs:
description: 'output all packages regardless of vulnerability'
required: false
default: 'false'
scanners:
description: 'comma-separated list of what security issues to detect'
required: false
default: ''
trivyignores:
description: 'comma-separated list of relative paths in repository to one or more .trivyignore files'
required: false
default: ''
artifact-type:
description: 'input artifact type (image, fs, repo, archive) for SBOM generation'
required: false
github-pat:
description: 'GitHub Personal Access Token (PAT) for submitting SBOM to GitHub Dependency Snapshot API'
required: false
trivy-config:
description: 'path to trivy.yaml config'
required: false
tf-vars:
description: "path to terraform tfvars file"
required: false
limit-severities-for-sarif:
description: 'limit severities for SARIF format'
required: false
docker-host:
description: 'unix domain socket path to use for docker scanning, ex. unix:///var/run/docker.sock'
required: false
runs:
using: 'docker'
image: "Dockerfile"
args:
- '-a ${{ inputs.scan-type }}'
- '-b ${{ inputs.format }}'
- '-c ${{ inputs.template }}'
- '-d ${{ inputs.exit-code }}'
- '-e ${{ inputs.ignore-unfixed }}'
- '-f ${{ inputs.vuln-type }}'
- '-g ${{ inputs.severity }}'
- '-h ${{ inputs.output }}'
- '-i ${{ inputs.image-ref }}'
- '-j ${{ inputs.scan-ref }}'
- '-k ${{ inputs.skip-dirs }}'
- '-l ${{ inputs.input }}'
- '-m ${{ inputs.cache-dir }}'
- '-n ${{ inputs.timeout }}'
- '-o ${{ inputs.ignore-policy }}'
- '-p ${{ inputs.hide-progress }}'
- '-q ${{ inputs.skip-files }}'
- '-r ${{ inputs.list-all-pkgs }}'
- '-s ${{ inputs.scanners }}'
- '-t ${{ inputs.trivyignores }}'
- '-u ${{ inputs.github-pat }}'
- '-v ${{ inputs.trivy-config }}'
- '-x ${{ inputs.tf-vars }}'
- '-z ${{ inputs.limit-severities-for-sarif }}'
- '-y ${{ inputs.docker-host }}'
Reference in New Issue View Git Blame Copy Permalink