Added platform and default fail on high vulnerability
@@ -15,6 +15,14 @@ inputs:
|
|||||||
description: The grype configuration path
|
description: The grype configuration path
|
||||||
required: false
|
required: false
|
||||||
default: ""
|
default: ""
|
||||||
|
platform:
|
||||||
|
description: The platform architecture to scan
|
||||||
|
required: false
|
||||||
|
default: ""
|
||||||
|
failOn:
|
||||||
|
description: Fail if a vulnerability is rated above or equal. [negligible,low,medium,high,critical]
|
||||||
|
required: false
|
||||||
|
default: "high"
|
||||||
|
|
||||||
runs:
|
runs:
|
||||||
using: docker
|
using: docker
|
||||||
|
|||||||
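Review bot: The `failOn` description does not say that the new default changes the outcome for existing workflows, or how to opt out. The entrypoint only passes `--fail-on` when the value is non-empty, so an empty string disables the gate; I would spell that out, e.g. `description: Minimum severity that fails the scan (negligible, low, medium, high, critical). Set to "" to report findings without failing.` The `platform` description would also benefit from an example of the expected form, such as `description: Platform of the image to scan, e.g. linux/arm64`. The `runs:` block continues outside the hunk, so whether the two new inputs are forwarded to the container under the names the entrypoint reads (`$platform`, `$failOn`) cannot be confirmed from here.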
@@ -3,6 +3,8 @@
|
|||||||
INPUT_IMAGE_NAME=$imageName
|
INPUT_IMAGE_NAME=$imageName
|
||||||
INPUT_IMAGE_PREFIX=$imagePrefix
|
INPUT_IMAGE_PREFIX=$imagePrefix
|
||||||
INPUT_CONFIG_PATH=$config
|
INPUT_CONFIG_PATH=$config
|
||||||
|
INPUT_PLATFORM=$platform
|
||||||
|
INPUT_FAIL_ON=$failOn
|
||||||
|
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
@@ -23,10 +25,18 @@ if [ -z "$INPUT_IMAGE_NAME" ]; then
|
|||||||
exit 1
|
exit 1
|
||||||
fi;
|
fi;
|
||||||
|
|
||||||
GRYPE_OPTIONS=("-v")
|
GRYPE_OPTIONS=("-v" "--by-cve")
|
||||||
|
|
||||||
if [ -n "$INPUT_CONFIG_PATH" ]; then
|
if [ -n "$INPUT_CONFIG_PATH" ]; then
|
||||||
GRYPE_OPTIONS+=("-c" "$INPUT_CONFIG_PATH")
|
GRYPE_OPTIONS+=("--config" "$INPUT_CONFIG_PATH")
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -n "$INPUT_PLATFORM" ]; then
|
||||||
|
GRYPE_OPTIONS+=("--platform" "$INPUT_PLATFORM")
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -n "$INPUT_FAIL_ON" ]; then
|
||||||
|
GRYPE_OPTIONS+=("--fail-on" "$INPUT_FAIL_ON")
|
||||||
fi
|
fi
|
||||||
|
|
||||||
GRYPE_OPTIONS+=("registry:${IMAGE_NAME}")
|
GRYPE_OPTIONS+=("registry:${IMAGE_NAME}")
|
||||||
|
|||||||
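Review bot: The severity gate fails open: `INPUT_FAIL_ON=$failOn` followed by `if [ -n "$INPUT_FAIL_ON" ]` drops `--fail-on` without any message whenever the variable arrives empty, so a missing or misspelled mapping in the action definition would leave the scan passing with high findings present. The value is also handed to grype unchecked, so a typo is reported only by whatever error grype itself produces. I would replace the `-n` test with a `case` on the five levels listed in the action's description, log when the gate is disabled, and exit non-zero on anything else. The script continues outside these hunks, so the grype invocation itself is not visible here.

```shell
# … unchanged: --config and --platform handling …
case "$INPUT_FAIL_ON" in
  negligible|low|medium|high|critical)
    GRYPE_OPTIONS+=("--fail-on" "$INPUT_FAIL_ON")
    ;;
  "")
    # Make a disabled gate visible in the job log instead of silent.
    echo "failOn is empty: findings will be reported without failing the job" >&2
    ;;
  *)
    echo "Invalid failOn value: $INPUT_FAIL_ON" >&2
    exit 1
    ;;
esac
# … unchanged: registry:${IMAGE_NAME} target …
```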