Skip to content

Commit

Permalink
(feat) Add support for security-checks flag
Browse files Browse the repository at this point in the history
When using fs mode add option to list of what security issues to detect
  • Loading branch information
oranmoshai committed Apr 13, 2022
1 parent 40c4ca9 commit 9fbcc91
Show file tree
Hide file tree
Showing 3 changed files with 13 additions and 1 deletion.
1 change: 1 addition & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -394,6 +394,7 @@ Following inputs can be used as `step.with` keys:
| `timeout` | String | `5m0s` | Scan timeout duration |
| `ignore-policy` | String | | Filter vulnerabilities with OPA rego language |
| `list-all-pkgs` | String | | Output all packages regardless of vulnerability |
| `security-checks`| String | `vuln` | comma-separated list of what security issues to detect (`vuln`,`config`)|

[release]: https://github.com/aquasecurity/trivy-action/releases/latest
[release-img]: https://img.shields.io/github/release/aquasecurity/trivy-action.svg?logo=github
Expand Down
5 changes: 5 additions & 0 deletions action.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,10 @@ inputs:
description: 'output all packages regardless of vulnerability'
required: false
default: 'false'
security-checks:
description: 'comma-separated list of what security issues to detect'
required: false
default: ''
runs:
using: 'docker'
image: "Dockerfile"
Expand All @@ -95,3 +99,4 @@ runs:
- '-p ${{ inputs.hide-progress }}'
- '-q ${{ inputs.skip-files }}'
- '-r ${{ inputs.list-all-pkgs }}'
- '-s ${{ inputs.security-checks }}'
8 changes: 7 additions & 1 deletion entrypoint.sh
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
#!/bin/bash
set -e
while getopts "a:b:c:d:e:f:g:h:i:j:k:l:m:n:o:p:q:r:" o; do
while getopts "a:b:c:d:e:f:g:h:i:j:k:l:m:n:o:p:q:r:s:" o; do
case "${o}" in
a)
export scanType=${OPTARG}
Expand Down Expand Up @@ -56,6 +56,9 @@ while getopts "a:b:c:d:e:f:g:h:i:j:k:l:m:n:o:p:q:r:" o; do
r)
export listAllPkgs=${OPTARG}
;;
s)
export securityChecks=${OPTARG}
;;
esac
done

Expand Down Expand Up @@ -95,6 +98,9 @@ if [ $vulnType ] && [ "$scanType" != "config" ];then
ARGS="$ARGS --vuln-type $vulnType"
SARIF_ARGS="$SARIF_ARGS --vuln-type $vulnType"
fi
if [ $securityChecks ] && [ "$scanType" == "fs" ];then
ARGS="$ARGS --security-checks $securityChecks"
fi
if [ $severity ];then
ARGS="$ARGS --severity $severity"
fi
Expand Down

0 comments on commit 9fbcc91

Please sign in to comment.