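---
# Action metadata for the Grype-based container scan. Indentation restored
# (the rendered copy had lost it) and a document-start marker added; every
# key and runtime string is otherwise unchanged.
name: "Anchore Container Scan"
description: "Scan docker containers with Grype for vulnerabilities"
branding:
  color: blue
  icon: check-circle
inputs:
  # image / path / sbom select the scan target and are documented as mutually
  # exclusive, yet none of them is marked required here. The metadata cannot
  # enforce "exactly one", so dist/index.js is the only place that can reject
  # a run with zero or several targets — presumably it does; verify there.
  image:
    description: 'The image to scan. This option is mutually exclusive with "path" and "sbom". '
    required: false
  path:
    description: 'The path to scan. This option is mutually exclusive with "image" and "sbom".'
    required: false
  sbom:
    description: 'The SBOM file to scan. This option is mutually exclusive with "path" and "image".'
    required: false
  # GitHub delivers every input as a string, so the boolean-looking defaults
  # below are the strings "true"/"false"; the entrypoint must compare text.
  # Leaving fail-build at its default makes the job fail once a finding
  # reaches severity-cutoff; "false" turns the scan into a report-only step.
  fail-build:
    description: "Set to false to avoid failing based on severity-cutoff. Default is to fail when severity-cutoff is reached (or surpassed)"
    required: false
    default: "true"
  # When "true" the SARIF path is published through the `sarif` output below,
  # and only after a successful run — a failed run yields no report to upload.
  acs-report-enable:
    description: "Generate a SARIF report and set the `sarif` output parameter after successful action execution. This report is compatible with GitHub Automated Code Scanning (ACS), as the artifact to upload for display as a Code Scanning Alert report."
    required: false
    default: "true"
  # Findings at or above this severity become "error" level SARIF results;
  # anything below becomes a "warning". Valid values are listed in the text.
  severity-cutoff:
    description: 'Optionally specify the minimum vulnerability severity to trigger an "error" level ACS result. Valid choices are "negligible", "low", "medium", "high" and "critical". Any vulnerability with a severity less than this value will lead to a "warning" result. Default is "medium".'
    required: false
    default: "medium"
outputs:
  sarif:
    description: "Path to a SARIF report file for the image"
runs:
  # NOTE(review): GitHub has deprecated the node16 action runtime; confirm the
  # bundled dist/index.js runs under node20 before changing `using` here.
  using: "node16"
  main: "dist/index.js"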