GitHub Action
KSOC Image Scan
v0.0.3
KSOC scans for CVEs in your container images as part of your GitHub Actions CI workflow.
Under the hood this action runs Grype against the given image and reports the CVEs it finds.
```yaml
name: ksoc-image-scan
on:
  pull_request:
jobs:
  ksoc-image-scan:
    permissions:
      contents: read
    runs-on: ubuntu-latest
    steps:
      - name: build local container
        uses: docker/build-push-action@v4
        with:
          tags: localbuild/testimage:latest
          push: false
          load: true
      - name: KSOC Image Scan
        uses: ksoclabs/[email protected]
        with:
          fail_on_severity: "medium"
          ignore_cves: |
            CVE-2021-1234
            CVE-2021-5678
          image: "localbuild/testimage:latest"
```
The example above builds an image locally (`push: false` together with `load: true` loads the result into the runner's Docker daemon instead of pushing it to a registry) and then scans it for CVEs. Because `fail_on_severity` is set to `medium`, the workflow fails if any CVE of medium severity is found; since the scan is performed by Grype, read the threshold the way Grype's own `--fail-on` flag works, i.e. "medium or higher". If `fail_on_severity` is not provided, the action only reports findings and never fails the workflow. The two IDs under `ignore_cves` are suppressed regardless of which package they are reported against, so keep that list short and reviewed. The job needs nothing beyond `contents: read`; if you pin both actions to a full commit SHA rather than a tag (`@v4`, `@v0.0.3`) you also remove the risk of a moved tag changing what runs in your pipeline.
Inputs:

- `fail_on_severity`: The severity level that will cause the action to fail. If not provided, the action doesn't fail. Possible values are `negligible`, `low`, `medium`, `high` and `critical`.
- `ignore_cves`: A multiline string of CVEs to ignore. Each line should contain a single CVE ID. If not provided, no CVEs will be ignored.
- `image`: The image to scan. This is a required input.
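To make the gating semantics concrete, the following is an added example (not the action's own code) that evaluates a Grype JSON report the way the three inputs above describe: the `ignore_cves` block is split into one ID per line, `fail_on_severity` is compared against Grype's severity ladder, and the result says whether the workflow would fail and which findings caused it. The report is a constructed sample with the shape Grype's `-o json` output uses (`matches[].vulnerability.id` / `.severity`); the function and variable names are the example's own assumptions, not the action's API.

```python
import json

# Grype's severity ladder, lowest to highest. Grype also emits "Unknown",
# which is deliberately absent here so it never trips the gate.
SEVERITY_RANK = {"negligible": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed sample in the shape of a Grype JSON report (not real scan output).
SAMPLE_REPORT = json.loads("""
{
  "matches": [
    {"vulnerability": {"id": "CVE-2021-1234", "severity": "High"},
     "artifact": {"name": "libexample", "version": "1.0.0"}},
    {"vulnerability": {"id": "CVE-2023-0001", "severity": "Medium"},
     "artifact": {"name": "openssl", "version": "3.0.1"}},
    {"vulnerability": {"id": "CVE-2023-0002", "severity": "Low"},
     "artifact": {"name": "zlib", "version": "1.2.11"}},
    {"vulnerability": {"id": "GHSA-0000-0000-0000", "severity": "Unknown"},
     "artifact": {"name": "widget", "version": "0.1"}}
  ]
}
""")


def parse_ignore_list(ignore_cves: str) -> set[str]:
    """Turn the multiline ignore_cves input into a set of IDs.

    One ID per line; blank lines and surrounding whitespace are dropped and
    IDs are upper-cased so "cve-2021-1234" matches Grype's "CVE-2021-1234".
    """
    return {line.strip().upper() for line in ignore_cves.splitlines() if line.strip()}


def evaluate(report: dict, fail_on_severity, ignore_cves: str = "") -> tuple[bool, list[str]]:
    """Return (should_fail, offending_ids) for a Grype report.

    fail_on_severity=None mirrors the input being omitted: never fail.
    Otherwise any non-ignored match whose severity is at or above the
    threshold (Grype's --fail-on semantics) is reported as offending.
    """
    if fail_on_severity is None:
        return False, []
    threshold = SEVERITY_RANK.get(fail_on_severity.strip().lower())
    if threshold is None:
        raise ValueError(
            f"fail_on_severity must be one of {sorted(SEVERITY_RANK)}, got {fail_on_severity!r}"
        )

    ignored = parse_ignore_list(ignore_cves)
    offending = []
    for match in report.get("matches", []):
        vuln = match["vulnerability"]
        vuln_id = vuln["id"].upper()
        if vuln_id in ignored:
            continue  # suppressed by ID alone, whichever package it was found in
        rank = SEVERITY_RANK.get(vuln.get("severity", "Unknown").lower(), -1)
        if rank >= threshold:
            offending.append(vuln_id)
    return bool(offending), offending


if __name__ == "__main__":
    # Same inputs as the workflow example: medium threshold, two ignored IDs.
    failed, ids = evaluate(SAMPLE_REPORT, "medium", "CVE-2021-1234\nCVE-2021-5678\n")
    print("fail workflow:", failed, "because of:", ids)
```

Run with the workflow's inputs, the High finding is silenced by the ignore list, the Low and Unknown findings sit below the threshold, and only the Medium CVE fails the build; drop `fail_on_severity` and nothing fails regardless of what was found. Note that ignoring by bare ID, as the `ignore_cves` input does, suppresses that CVE in every package in the image, which is why the list is worth reviewing periodically.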