restructure

trivy/image_scan/README.md

@@ -0,0 +1,23 @@
+# Trivy Scan Image
+
+<!-- action-docs-description source="action.yml" -->
+## Description
+
+Scan a container image with Trivy
+<!-- action-docs-description source="action.yml" -->
+
+<!-- action-docs-inputs source="action.yml" -->
+## Inputs
+
+| name | description | required | default |
+| --- | --- | --- | --- |
+| `IMAGE_PATH` | <p>The registry path to the image to scan</p> | `true` | `""` |
+| `IMAGE_TAG` | <p>The image tag to scan</p> | `true` | `""` |
+| `FAIL_HARD` | <p>Boolean: true will fail the build if vulnerabilities are found, false will not</p> | `false` | `false` |
+<!-- action-docs-inputs source="action.yml" -->
+
+<!-- action-docs-runs source="action.yml" -->
+## Runs
+
+This action is a `composite` action.
+<!-- action-docs-runs source="action.yml" -->

trivy/image_scan/action.yml

@@ -0,0 +1,21 @@
+name: Trivy Scan Image
+description: Scan a container image with Trivy
+inputs:
+  IMAGE_PATH:
+    description: "The registry path to the image to scan"
+    required: true
+  IMAGE_TAG:
+    description: "The image tag to scan"
+    required: true
+  FAIL_HARD:
+    description: "Boolean: true will fail the build if vulnerabilities are found, false will not"
+    required: false
+    default: 'false'
+
+runs:
+  using: composite
+  steps:
+    - name: Scan Container Registry Image
+      shell: sh
+      run: |
+        trivy image ${{ inputs.IMAGE_PATH }}:${{ inputs.IMAGE_TAG }} --report=all --exit-code=${{ contains(fromJSON('["true"]'), inputs.FAIL_HARD) && '1' || '0' }} --severity CRITICAL,HIGH

trivy/namespace_scan/README.md

@@ -0,0 +1,21 @@
+# Trivy Scan K8S Namespace
+
+<!-- action-docs-description source="action.yml" -->
+## Description
+
+Scan kubernetes namespace for vulnerabilities
+<!-- action-docs-description source="action.yml" -->
+
+<!-- action-docs-inputs source="action.yml" -->
+## Inputs
+
+| name | description | required | default |
+| --- | --- | --- | --- |
+| `NAMESPACE` | <p>The Kubernetes namespace to scan</p> | `true` | `""` |
+<!-- action-docs-inputs source="action.yml" -->
+
+<!-- action-docs-runs source="action.yml" -->
+## Runs
+
+This action is a `composite` action.
+<!-- action-docs-runs source="action.yml" -->

trivy/namespace_scan/action.yml

@@ -0,0 +1,14 @@
+name: Trivy Scan K8S Namespace
+description: Scan kubernetes namespace for vulnerabilities
+inputs:
+  NAMESPACE:
+    description: "The Kubernetes namespace to scan"
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - name: Scan Kubernetes Namespace
+      shell: sh
+      run: |
+        trivy k8s --namespace ${{ inputs.NAMESPACE }} --report=all all