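# Composite action that runs `trivy image` against one image reference and
# reports HIGH and CRITICAL findings. The step calls `trivy` directly, so the
# binary must already be on the runner's PATH.
name: Trivy Scan Image
description: Scan a container image with Trivy
inputs:
  IMAGE_PATH:
    description: "The registry path to the image to scan"
    required: true
  IMAGE_TAG:
    description: "The image tag to scan"
    required: true
  FAIL_HARD:
    description: "Boolean: true will fail the build if vulnerabilities are found, false will not"
    required: false
    default: 'false'

runs:
  using: composite
  steps:
    - name: Scan Container Registry Image
      shell: sh
      # Inputs reach the script as environment variables instead of being
      # expanded by ${{ }} inside the script text. Expression expansion happens
      # before the shell parses the line, so a caller-supplied value containing
      # shell metacharacters would otherwise become part of the command.
      env:
        IMAGE_PATH: ${{ inputs.IMAGE_PATH }}
        IMAGE_TAG: ${{ inputs.IMAGE_TAG }}
        # Only the exact string 'true' maps to exit code 1; anything else is 0.
        # Not named with a TRIVY_ prefix, so the flag below stays the only
        # place the exit code is set.
        SCAN_EXIT_CODE: ${{ contains(fromJSON('["true"]'), inputs.FAIL_HARD) && '1' || '0' }}
      # Quoting keeps the image reference a single argument.
      # NOTE(review): a value that starts with '-' would still be read by trivy
      # as an option; callers that derive IMAGE_PATH or IMAGE_TAG from
      # untrusted data (branch names, PR titles) should validate it first.
      run: |
        trivy image "${IMAGE_PATH}:${IMAGE_TAG}" --report=all --exit-code="${SCAN_EXIT_CODE}" --severity CRITICAL,HIGH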