forked from anchore/scan-action
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathaction.yml
48 lines (48 loc) · 2.27 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
name: 'Anchore Container Scan'
description: 'Scan docker containers with Anchore for vulnerabilities and policy violations'
branding:
color: blue
icon: check-circle
inputs:
image-reference:
description: 'The image to scan'
required: true
dockerfile-path:
description: 'Path to the dockerfile'
required: false
debug:
description: 'Set this to any value to enable verbose debug output'
required: false
default: 'false'
fail-build:
description: 'Set to any value to cause build to fail upon failed anchore policy evaluation'
required: false
default: 'false'
include-app-packages:
description: 'Set to true to include software packages during vulnerability scanning - this option will increase runtime of the action significantly. By default only OS packages are scanned for vulnerabilities.'
required: false
default: 'false'
custom-policy-path:
description: 'Path to a custom policy json file. See https://docs.anchore.com/current/docs/engine/general/concepts/policy/bundles/ for information on building bundles'
required: false
anchore-version:
description: 'Optionally, specify anchore-engine version (eg 0.5.2) to use instead of the default version'
required: false
acs-report-enable:
description: 'Optionally, enable feature that causes a result.sarif report to be generated after successful action execution. This report is compatible with GitHub Automated Code Scanning (ACS), as the artifact to upload for display as a Code Scanning Alert report.'
required: false
default: 'false'
acs-report-severity-cutoff:
description: 'With ACS reporting enabled, optionally specify the minimum vulnerability severity to trigger an "error" level ACS result. Valid choices are "Negligible", "Low", "Medium", "High" and "Critical". Any vulnerability with a severity less than this value will lead to a "warning" result. Default is "Medium".'
required: false
default: "Medium"
outputs:
billofmaterials:
description: 'The json output report specifying the content of the image'
vulnerabilities:
description: 'The found vulnerabilities for the image'
policycheck:
description: 'The json report for evaluating the image against the given policy, if present'
runs:
using: 'node12'
main: 'dist/index.js'