chore(trivy): Bump Trivy version to 0.29.1

Signed-off-by: Simar <simar@linux.com>
aquasecurity · Jun 21, 2022 · 7882980 · 7882980
1 parent 544b6c4
commit 7882980
Show file tree

Hide file tree

Showing 5 changed files with 188 additions and 2,489 deletions.
diff --git a/README.md b/README.md
@@ -252,10 +252,9 @@ jobs:
       - name: Run Trivy in GitHub SBOM mode and submit results to Dependency Snapshots
         uses: aquasecurity/trivy-action@master
         with:
-          scan-type: 'sbom'
+          scan-type: 'fs'
           format: 'github'
           output: 'dependency-results.sbom.json'
-          artifact-type: 'fs'
           image-ref: '.'
           github-pat: '<github_pat_token>'
 ```
@@ -430,7 +429,6 @@ Following inputs can be used as `step.with` keys:
 | `list-all-pkgs`   | String  |                                    | Output all packages regardless of vulnerability                                                 |
 | `security-checks` | String  | `vuln,secret`                      | comma-separated list of what security issues to detect (`vuln`,`secret`,`config`)               |
 | `trivyignores`    | String  |                                    | comma-separated list of relative paths in repository to one or more `.trivyignore` files        |
-| `artifact-type`   | String  | `image`                            | input artifact type (image, fs, repo, archive) for SBOM generation                              |
 | `github-pat`      | String  |                                    | GitHub Personal Access Token (PAT) for sending SBOM scan results to GitHub Dependency Snapshots |
 
 [release]: https://github.com/aquasecurity/trivy-action/releases/latest

diff --git a/action.yaml b/action.yaml
@@ -110,5 +110,4 @@ runs:
     - '-r ${{ inputs.list-all-pkgs }}'
     - '-s ${{ inputs.security-checks }}'
     - '-t ${{ inputs.trivyignores }}'
-    - '-u ${{ inputs.artifact-type }}'
-    - '-v ${{ inputs.github-pat }}'
+    - '-u ${{ inputs.github-pat }}'
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 set -e
-while getopts "a:b:c:d:e:f:g:h:i:j:k:l:m:n:o:p:q:r:s:t:u:v:" o; do
+while getopts "a:b:c:d:e:f:g:h:i:j:k:l:m:n:o:p:q:r:s:t:u:" o; do
    case "${o}" in
        a)
          export scanType=${OPTARG}
@@ -63,9 +63,6 @@ while getopts "a:b:c:d:e:f:g:h:i:j:k:l:m:n:o:p:q:r:s:t:u:v:" o; do
          export trivyIgnores=${OPTARG}
        ;;
        u)
-         export artifactType=${OPTARG}
-       ;;
-       v)
          export githubPAT=${OPTARG}
        ;;
   esac
@@ -159,9 +156,6 @@ if [ "$skipFiles" ];then
     ARGS="$ARGS --skip-files $i"
   done
 fi
-if [ $artifactType ]; then
-  ARGS="$ARGS --artifact-type $artifactType"
-fi
 
 echo "Running trivy with options: ${ARGS}" "${artifactRef}"
 echo "Global options: " "${GLOBAL_ARGS}"
@@ -176,7 +170,7 @@ if [[ "${format}" == "sarif" ]]; then
   trivy --quiet ${scanType} --format sarif --output ${output} $SARIF_ARGS ${artifactRef}
 fi
 
-if [[ "${format}" == "github" ]]; then
+if [[ "${format}" == "github" ]] && [[ "$(echo $githubPAT | xargs)" != "" ]]; then
   echo "Uploading GitHub Dependency Snapshot"
   curl -u "${githubPAT}" -H 'Content-Type: application/json' 'https://api.github.com/repos/'$GITHUB_REPOSITORY'/dependency-graph/snapshots' -d @./$(echo $output | xargs)
 fi