-
Notifications
You must be signed in to change notification settings - Fork 77
/
action.yml
63 lines (63 loc) · 2.52 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
name: "Anchore Container Scan"
description: "Scan docker containers with Grype for vulnerabilities"
branding:
color: blue
icon: check-circle
inputs:
image:
description: 'The image to scan. This option is mutually exclusive with "path" and "sbom". '
required: false
path:
description: 'The path to scan. This option is mutually exclusive with "image" and "sbom".'
required: false
sbom:
description: 'The SBOM file to scan. This option is mutually exclusive with "path" and "image".'
required: false
fail-build:
description: "Set to false to avoid failing based on severity-cutoff. Default is to fail when severity-cutoff is reached (or surpassed)"
required: false
default: "true"
output-format:
description: 'Set the output parameter after successful action execution. Valid choices are "json", "sarif", "cyclonedx", "cyclonedx-json" and "table".'
required: false
default: "sarif"
output-file:
description: 'The file to output the grype scan results to'
required: false
severity-cutoff:
description: 'Optionally specify the minimum vulnerability severity to trigger an "error" level ACS result. Valid choices are "negligible", "low", "medium", "high" and "critical". Any vulnerability with a severity less than this value will lead to a "warning" result. Default is "medium".'
required: false
default: "medium"
only-fixed:
description: "Specify whether to only report vulnerabilities that have a fix available. Default is false."
required: false
default: "false"
add-cpes-if-none:
description: "Specify whether to autogenerate missing CPEs. Default is false."
required: false
default: "false"
by-cve:
description: "Specify whether to orient results by CVE rather than GHSA. Default is false."
required: false
default: "false"
grype-version:
description: "A specific version of Grype to install"
required: false
vex:
description: "Specify a list of VEX documents to consider when producing scanning results."
required: false
cache-db:
description: "Cache the Grype DB in GitHub action cache and restore before checking for updates"
required: false
outputs:
sarif:
description: "Path to a SARIF report file for the scan"
json:
description: "Path to a JSON report file for the scan"
cyclonedx-xml:
description: "Path to a CycloneDX XML report file for the scan"
cyclonedx-json:
description: "Path to a CycloneDX JSON report file for the scan"
runs:
using: "node20"
main: "dist/index.js"