From 47faba6c9fbbfa720b67dbcc3cb68d8a75ac718c Mon Sep 17 00:00:00 2001
From: Skydust
Date: Tue, 26 Nov 2024 20:25:37 +0100
Subject: [PATCH] Added platform and default fail on high vulnerability
---
 action.yml | 8 ++++++++
 entrypoint.sh | 14 ++++++++++++--
 2 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/action.yml b/action.yml
index 0cafa41..40d484b 100644
--- a/action.yml
+++ b/action.yml
@@ -15,6 +15,14 @@ inputs:
 description: The grype configuration path
 required: false
 default: ""
+ platform:
+ description: The platform architecture to scan
+ required: false
+ default: ""
+ failOn:
+ description: Fail if a vulnerability is rated above or equal. [negligible,low,medium,high,critical]
+ required: false
+ default: "high"
 runs:
 using: docker
diff --git a/entrypoint.sh b/entrypoint.sh
index b78df1b..420df5d 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -3,6 +3,8 @@
 INPUT_IMAGE_NAME=$imageName
 INPUT_IMAGE_PREFIX=$imagePrefix
 INPUT_CONFIG_PATH=$config
+INPUT_PLATFORM=$platform
+INPUT_FAIL_ON=$failOn
 set -e
@@ -23,10 +25,18 @@ if [ -z "$INPUT_IMAGE_NAME" ]; then
 exit 1
 fi;
-GRYPE_OPTIONS=("-v")
+GRYPE_OPTIONS=("-v" "--by-cve")
 if [ -n "$INPUT_CONFIG_PATH" ]; then
- GRYPE_OPTIONS+=("-c" "$INPUT_CONFIG_PATH")
+ GRYPE_OPTIONS+=("--config" "$INPUT_CONFIG_PATH")
+fi
+
+if [ -n "$INPUT_PLATFORM" ]; then
+ GRYPE_OPTIONS+=("--platform" "$INPUT_PLATFORM")
+fi
+
+if [ -n "$INPUT_FAIL_ON" ]; then
+ GRYPE_OPTIONS+=("--fail-on" "$INPUT_FAIL_ON")
 fi
 GRYPE_OPTIONS+=("registry:${IMAGE_NAME}")
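Review bot: Nothing visible in this commit carries the two new inputs into the container under the names entrypoint.sh reads: the diffstat shows only these eight `inputs:` lines changing in action.yml, while the script takes its values from `$platform` and `$failOn`. If the existing inputs arrive through an `env:` mapping in the `runs:` block (which continues outside this hunk), `platform: ${{ inputs.platform }}` and `failOn: ${{ inputs.failOn }}` need adding there; otherwise both variables are empty, `INPUT_FAIL_ON=$failOn` in the first entrypoint.sh hunk yields an empty string, and the `--fail-on` branch is skipped, so the advertised `high` default never gates the job. The `failOn` description should also state that an empty value turns the gate off, for example `Minimum severity that fails the job; empty disables the check. One of negligible, low, medium, high, critical`.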
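Review bot: The `failOn` branch in the second entrypoint.sh hunk hands whatever string it receives to grype and skips the gate without a word when the value is empty, so a mistyped severity presumably surfaces only as a grype argument error and a disabled gate leaves no trace in the job log. Checking the value against the list documented in action.yml and printing a line when the gate is off makes both cases visible to whoever reads the run; the block below replaces the last added `if`. `--by-cve` is also added unconditionally on the `GRYPE_OPTIONS=` line without mention in the commit subject, and a comment such as `# report CVE ids where grype can map them` would explain why. The script starts before and continues after this hunk.

```shell
# … unchanged: --config and --platform handling …

case "$INPUT_FAIL_ON" in
  negligible|low|medium|high|critical)
    GRYPE_OPTIONS+=("--fail-on" "$INPUT_FAIL_ON")
    ;;
  "")
    # Make a disabled gate visible in the job log instead of passing silently.
    echo "failOn is empty: the scan will not fail the job on any severity" >&2
    ;;
  *)
    echo "Invalid failOn value '$INPUT_FAIL_ON'; expected one of negligible, low, medium, high, critical" >&2
    exit 1
    ;;
esac
```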