Added platform and default fail on high vulnerability
This commit is contained in:
@@ -15,6 +15,14 @@ inputs:
|
||||
description: The grype configuration path
|
||||
required: false
|
||||
default: ""
|
||||
platform:
|
||||
description: The platform architecture to scan
|
||||
required: false
|
||||
default: ""
|
||||
failOn:
|
||||
description: Fail if a vulnerability is rated above or equal. [negligible,low,medium,high,critical]
|
||||
required: false
|
||||
default: "high"
|
||||
|
||||
runs:
|
||||
using: docker
|
||||
|
||||
@@ -3,6 +3,8 @@
|
||||
INPUT_IMAGE_NAME=$imageName
|
||||
INPUT_IMAGE_PREFIX=$imagePrefix
|
||||
INPUT_CONFIG_PATH=$config
|
||||
INPUT_PLATFORM=$platform
|
||||
INPUT_FAIL_ON=$failOn
|
||||
|
||||
set -e
|
||||
|
||||
@@ -23,10 +25,18 @@ if [ -z "$INPUT_IMAGE_NAME" ]; then
|
||||
exit 1
|
||||
fi;
|
||||
|
||||
GRYPE_OPTIONS=("-v")
|
||||
GRYPE_OPTIONS=("-v" "--by-cve")
|
||||
|
||||
if [ -n "$INPUT_CONFIG_PATH" ]; then
|
||||
GRYPE_OPTIONS+=("-c" "$INPUT_CONFIG_PATH")
|
||||
GRYPE_OPTIONS+=("--config" "$INPUT_CONFIG_PATH")
|
||||
fi
|
||||
|
||||
if [ -n "$INPUT_PLATFORM" ]; then
|
||||
GRYPE_OPTIONS+=("--platform" "$INPUT_PLATFORM")
|
||||
fi
|
||||
|
||||
if [ -n "$INPUT_FAIL_ON" ]; then
|
||||
GRYPE_OPTIONS+=("--fail-on" "$INPUT_FAIL_ON")
|
||||
fi
|
||||
|
||||
GRYPE_OPTIONS+=("registry:${IMAGE_NAME}")
|
||||
|
||||
Reference in New Issue
Block a user