Gitrivy (GitHub Issue + Trivy Action)


This is a GitHub Action that scans a container image for vulnerabilities using Trivy.
If Trivy finds vulnerabilities, the action creates (or updates) a GitHub Issue like the one shown below.

[Screenshot: the GitHub Issue created by Gitrivy]

Features

  • Scan an image for vulnerabilities with Trivy
  • Create or update a GitHub Issue if vulnerabilities are found
    • Customize the issue title, labels and assignees
    • Generate the issue body from a template (the template parameter)

Inputs

| Parameter | Required | Default Value | Description |
|---|---|---|---|
| `token` | True | N/A | GitHub access token. `${{ secrets.GITHUB_TOKEN }}` is recommended. |
| `image` | True | N/A | The target image to scan for vulnerabilities. Specify this parameter or the `IMAGE_NAME` environment variable. |
| `trivy_version` | False | `latest` | Trivy version. |
| `severity` | False | `HIGH,CRITICAL` | Severities of vulnerabilities to report (comma-separated). |
| `vuln_type` | False | `os,library` | Scan targets: `os` and/or `library` (comma-separated). |
| `ignore_unfixed` | False | `false` | Ignore vulnerabilities that have no fixed version yet. Specify `true` or `false`. |
| `template` | False | N/A | Path to a template file. This parameter is passed as Trivy's `--template` option. By default `src/default.tpl`, which is based on Trivy's `contrib/html.tpl`, is used. Reference: Report Formats - Trivy. |
| `issue_title` | False | `Security Alert` | Issue title. |
| `issue_label` | False | `trivy,vulnerability` | Issue labels (comma-separated). |
| `issue_assignee` | False | N/A | Issue assignees (comma-separated). |
| `fail_on_vulnerabilities` | False | `false` | Whether the action should fail if any vulnerabilities were found. |

Outputs

| Parameter | Description |
|---|---|
| `html_url` | The URL to view the issue |
| `issue_number` | The number of the created (or updated) issue |
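The inputs and outputs above describe one pipeline: run Trivy, keep only the findings selected by `severity`, `vuln_type` and `ignore_unfixed`, render them into an issue body, then create a new issue or update the existing one, and optionally fail the job. The following Python model walks that pipeline end to end. It is an added example, not the action's own code: it assumes Trivy was run with `--format json`, that an existing issue is matched by its title (the page does not say how the action deduplicates), and it replaces the GitHub Issues API with an in-memory store. The report and its CVE identifiers are constructed placeholders.

```python
"""Model of the Gitrivy pipeline: filter a Trivy report, then create or update one issue.

Added example, not the action's own code. Assumptions not stated on the page: Trivy
was run with --format json, an existing issue is matched by its open state and
title, and the GitHub Issues API is replaced by an in-memory store.
"""
from dataclasses import dataclass

# Constructed Trivy JSON report (shape follows `trivy image --format json`);
# the CVE IDs are placeholders, not real advisories.
SAMPLE_REPORT = {
    "Results": [
        {"Target": "sample (alpine 3.18.4)", "Class": "os-pkgs",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-0000-0001", "PkgName": "openssl", "Severity": "HIGH",
              "InstalledVersion": "3.1.3-r0", "FixedVersion": "3.1.4-r0"},
             {"VulnerabilityID": "CVE-0000-0002", "PkgName": "busybox", "Severity": "CRITICAL",
              "InstalledVersion": "1.36.1-r2", "FixedVersion": ""},  # no fix available yet
         ]},
        {"Target": "app/requirements.txt", "Class": "lang-pkgs",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-0000-0003", "PkgName": "requests", "Severity": "MEDIUM",
              "InstalledVersion": "2.25.0", "FixedVersion": "2.31.0"},
         ]},
    ]
}

# The vuln_type input names map onto Trivy's result classes.
VULN_TYPE_CLASS = {"os": "os-pkgs", "library": "lang-pkgs"}


def split_csv(value):
    """Parse a comma-separated input such as 'HIGH,CRITICAL' or 'trivy,vulnerability'."""
    return [item.strip() for item in value.split(",") if item.strip()]


def filter_vulns(report, severity="HIGH,CRITICAL", vuln_type="os,library", ignore_unfixed=False):
    """Keep only the findings selected by the severity / vuln_type / ignore_unfixed inputs."""
    wanted_sev = {s.upper() for s in split_csv(severity)}
    wanted_cls = {VULN_TYPE_CLASS[t.lower()] for t in split_csv(vuln_type)}
    found = []
    for result in report.get("Results", []):
        if result.get("Class") not in wanted_cls:
            continue
        for vuln in result.get("Vulnerabilities") or []:  # Trivy emits null when a target is clean
            if vuln["Severity"].upper() not in wanted_sev:
                continue
            if ignore_unfixed and not vuln.get("FixedVersion"):
                continue
            found.append({"Target": result["Target"], **vuln})
    return found


def render_body(vulns):
    """Markdown table standing in for the Go template the action renders from src/default.tpl."""
    rows = ["| Target | Package | Vulnerability | Severity | Installed | Fixed |",
            "|---|---|---|---|---|---|"]
    for v in vulns:
        rows.append(f"| {v['Target']} | {v['PkgName']} | {v['VulnerabilityID']} | "
                    f"{v['Severity']} | {v['InstalledVersion']} | {v.get('FixedVersion') or '-'} |")
    return "\n".join(rows)


@dataclass
class Issue:
    number: int
    title: str
    body: str
    labels: list
    assignees: list
    state: str = "open"

    @property
    def html_url(self):  # hypothetical repository URL, an assumption of this example
        return f"https://github.com/example/repo/issues/{self.number}"


class IssueStore:
    """In-memory stand-in for the GitHub Issues API (create / find / update)."""
    def __init__(self):
        self.issues = []

    def find_open(self, title):
        return next((i for i in self.issues if i.state == "open" and i.title == title), None)

    def create(self, title, body, labels, assignees):
        issue = Issue(len(self.issues) + 1, title, body, labels, assignees)
        self.issues.append(issue)
        return issue


def run_gitrivy(store, report, severity="HIGH,CRITICAL", vuln_type="os,library",
                ignore_unfixed=False, issue_title="Security Alert",
                issue_label="trivy,vulnerability", issue_assignee="",
                fail_on_vulnerabilities=False):
    """Return the action's outputs plus 'failed', the fail_on_vulnerabilities verdict."""
    vulns = filter_vulns(report, severity, vuln_type, ignore_unfixed)
    outputs = {"html_url": "", "issue_number": 0, "count": len(vulns), "failed": False}
    if not vulns:  # nothing selected: no issue is touched (assumption: existing issues stay open)
        return outputs
    body = render_body(vulns)
    issue = store.find_open(issue_title)
    if issue is None:
        issue = store.create(issue_title, body, split_csv(issue_label), split_csv(issue_assignee))
    else:  # update in place so a daily schedule does not pile up duplicate issues
        issue.body = body
    outputs.update(html_url=issue.html_url, issue_number=issue.number,
                   failed=bool(fail_on_vulnerabilities))
    return outputs


if __name__ == "__main__":
    store = IssueStore()
    print(run_gitrivy(store, SAMPLE_REPORT))
    print(run_gitrivy(store, SAMPLE_REPORT, ignore_unfixed=True, fail_on_vulnerabilities=True))
```

Running the module twice against the same store shows the create-then-update behaviour: the first call opens issue 1 with the two HIGH/CRITICAL findings, the second (with `ignore_unfixed=True`) rewrites the same issue's body with only the fixable finding and reports `failed` because `fail_on_vulnerabilities` is set. The MEDIUM library finding never appears under the default `severity`.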

Example

Scan your Docker image for vulnerabilities every day at 09:00 UTC.

```yaml
name: Vulnerability Scan

on:
  schedule:
    - cron: '0 9 * * *'   # every day at 09:00 UTC

jobs:
  scan:
    name: Daily Vulnerability Scan
    runs-on: ubuntu-latest
    # GITHUB_TOKEN needs issues: write to create or update the issue
    permissions:
      contents: read
      issues: write
    steps:
      - name: Pull docker image
        run: docker pull sample   # replace "sample" with the image you want to scan

      - uses: lazy-actions/gitrivy@v3
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          image: sample
```