Skip to content

Commit

Permalink
Update action documentation
Browse files Browse the repository at this point in the history
  • Loading branch information
@github-actions
github-actions[bot] committed Jan 20, 2025
1 parent c9e8a77 commit 105f659
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -119,7 +119,7 @@ you must first add your GitHub repository to [github-repositories-terraform](htt
| `push` | If `true`, the action will push the Docker image to the registry. | no | `true` |
| `registry` | What container registry to use, we support Azure Container Registry (ACR) and GitHub Container Registry (GHCR). You should set this to the URL of the registry you want to use, e.g. `ghcr.io/3lvia` or `myregistry.azurecr.io`. The action will authenticate with the registry depending on the value of the URL, i.e. if the URL contains `azurecr.io`jor `ghcr.io`. If set to an ACR registry, Elvia's private Azure Container Registry will be used by default. You can also set these explictly to point to your own ACR. Using ACR requires the permissions `id-token: write` to access the registry using OIDC. If set to a GHCR registry, the action will push to the GitHub Container Registry of the repository. Using GHCR requires the `packages: write` permission to push to the registry. | no | |
| `severity` | Severity levels to scan for. See [Trivy documentation](https://github.com/aquasecurity/trivy-action?tab=readme-ov-file#inputs) for more information. | no | `CRITICAL` |
| `sign-image` | If `true`, the action will sign the Docker image with Cosign. This will default to `true` in the near future. | no | `false` |
| `sign-image` | If `true`, the action will sign the Docker image with Cosign. | no | `true` |
| `trivy-cve-ignores` | Comma-separated list of CVEs for Trivy to ignore. See [Trivy documentation](https://aquasecurity.github.io/trivy/v0.49/docs/configuration/filtering/#trivyignore) for syntax. | no | |
| `trivy-post-comment` | If `true`, the action will post a comment to the PR with the Trivy scan results. The comment will only be posted if the action is ran on a pull request. This action requires the permission `pull-requests: write` to be set for the job. | no | `false` |
| `trivy-upload-report` | If `true`, the action will upload Trivy scan results to GitHub Advanced Security. This actions requires GitHub Advanced Security to be enabled for the repository, and the permissions `actions: read` and `security-events: write` to be set for the job. | no | `false` |
Expand Down Expand Up @@ -220,10 +220,10 @@ More permissions might be required depending on the inputs set, see the actions
# Default: 'CRITICAL'

sign-image:
# If `true`, the action will sign the Docker image with Cosign. This will default to `true` in the near future.
# If `true`, the action will sign the Docker image with Cosign.
#
# Required: no
# Default: 'false'
# Default: 'true'

trivy-cve-ignores:
# Comma-separated list of CVEs for Trivy to ignore. See [Trivy documentation](https://aquasecurity.github.io/trivy/v0.49/docs/configuration/filtering/#trivyignore) for syntax.
Expand Down

0 comments on commit 105f659

Please sign in to comment.