-
Notifications
You must be signed in to change notification settings - Fork 23
/
action.yml
43 lines (43 loc) · 1.49 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
name: AWS ECR Scan Docker Image
description: Scan a Docker image stored in AWS ECR and fail if vulnerabilities are found.
inputs:
repository:
description: ECR repository, eg myorg/myimage.
required: true
tag:
description: Image tag to scan.
required: true
fail_threshold:
description: >
Fail if any vulnerabilities equal to or over this severity level are detected. Valid values: critical, high, medium, low, informational.
default: medium
ignore_list:
description: List of CVE IDs to ignore in the vulnerability findings.
error_missed_ignores:
description: >
Set to "error" if you want to raise an error when CVEs in the ignore list are not found. Set to "warn" to raise a warning only, and prevent the workflow from failing when CVEs in the ignore list are not found.
required: false
default: error
outputs:
critical:
description: Number of critical vulnerabilities detected.
high:
description: Number of high vulnerabilities detected.
medium:
description: Number of medium vulnerabilities detected.
low:
description: Number of low vulnerabilities detected.
informational:
description: Number of informational vulnerabilities detected.
unknown:
description: Number of unknown severity vulnerabilities detected.
total:
description: Total number of vulnerabilities detected.
findingsDetails:
description: Details of findings.
runs:
using: "docker"
image: "Dockerfile"
branding:
icon: "camera"
color: "orange"