-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathaction.yaml
85 lines (85 loc) · 3.02 KB
/
action.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
name: 'Harbor Scan Report'
branding:
icon: 'check-square'
color: 'yellow'
description: 'Publish a Harbor image vulnerability scan report to PR comment'
inputs:
harbor-host:
description: 'Hostname of your Harbor instance (without protocol).'
required: true
harbor-robot:
description: 'Robot or Username to access Harbor with.'
required: false
harbor-token:
description: "Robot's Token (or Username's password)"
required: false
image:
description: 'Image to scan (project/repo:tag[@digest])'
required: true
digest:
description: "Excepted SHA256 digest of image. Ignored, if digest is present in image. Format: 'sha256:01814f4b10f321f09244a919d34b0d5706d95624b4c69d75866bb9935a89582d'"
required: false
max-allowed-severity:
description: 'Minimum Vulnerability severity after which action considered as failed. Values: none, low, medium, high, critical'
required: false
default: 'critical'
report-sort-by:
description: 'Sorting criteria for Vulnerability Report. Values: severity, score'
required: false
default: 'severity'
report-only-fixable:
description: 'If set to true, Vulnerability Report will contain only items that have fix version'
required: false
default: 'false'
github-url:
description: "github.event.issue.comments_url - for issue, github.event.pull_request.comments_url - for PR"
required: false
github-token:
description: 'A GitHub personal access token used to commit to a branch on your behalf.'
required: false
comment-title:
description: 'Custom comment title'
required: false
default: 'Docker Image Vulnerability Report'
comment-mode:
description: 'Create new comment or update exising. Possible values are: create_new, update_last'
required: false
default: 'create_new'
timeout:
description: 'How long action should wait for image and scan report (in seconds)'
required: false
default: '120'
check-interval:
description: 'Time (in seconds) between retries. Valid for waiting for image appears in Harbor and waiting for report'
required: false
default: '5'
harbor-proto:
description: 'Protocol of Harbor instance. Use it, if your Harbor uses http'
required: false
default: 'https'
harbor-port:
description: 'Custom port of Harbor instance. Use it, if Harbor instance has custom port'
required: false
default: ''
runs:
using: 'docker'
# uncomment for dev purposes
# image: 'Dockerfile'
image: 'docker://kio.ee/kyberorg/hsr:v0.5.2'
args:
- ${{ inputs.harbor-host }}
- ${{ inputs.harbor-robot }}
- ${{ inputs.harbor-token }}
- ${{ inputs.image }}
- ${{ inputs.max-allowed-severity }}
- ${{ inputs.github-url }}
- ${{ inputs.github-token }}
- ${{ inputs.harbor-proto }}
- ${{ inputs.harbor-port }}
- ${{ inputs.comment-title }}
- ${{ inputs.comment-mode }}
- ${{ inputs.timeout }}
- ${{ inputs.check-interval }}
- ${{ inputs.digest }}
- ${{ inputs.report-sort-by }}
- ${{ inputs.report-only-fixable }}