mirror of
https://github.com/aquasecurity/trivy-action.git
synced 2026-05-14 03:02:40 +00:00
feat: add ignore-policy option to filter vulnerabilities (#48)
* feat: add ignore-policy option to filter vulnerabilities * fix: format README
This commit is contained in:
Anand Gautam
GitHub
@@ -291,6 +291,7 @@ Following inputs can be used as `step.with` keys:
|
|||||||
| `skip-dirs` | String | | Comma separated list of directories where traversal is skipped |
|
| `skip-dirs` | String | | Comma separated list of directories where traversal is skipped |
|
||||||
| `cache-dir` | String | | Cache directory |
|
| `cache-dir` | String | | Cache directory |
|
||||||
| `timeout` | String | `2m0s` | Scan timeout duration |
|
| `timeout` | String | `2m0s` | Scan timeout duration |
|
||||||
|
| `ignore-policy` | String | | Filter vulnerabilities with OPA rego language |
|
||||||
|
|
||||||
[release]: https://github.com/aquasecurity/trivy-action/releases/latest
|
[release]: https://github.com/aquasecurity/trivy-action/releases/latest
|
||||||
[release-img]: https://img.shields.io/github/release/aquasecurity/trivy-action.svg?logo=github
|
[release-img]: https://img.shields.io/github/release/aquasecurity/trivy-action.svg?logo=github
|
||||||
|
|||||||
@@ -57,6 +57,10 @@ inputs:
|
|||||||
description: 'timeout (default 2m0s)'
|
description: 'timeout (default 2m0s)'
|
||||||
required: false
|
required: false
|
||||||
default: ''
|
default: ''
|
||||||
|
ignore-policy:
|
||||||
|
description: 'filter vulnerabilities with OPA rego language'
|
||||||
|
required: false
|
||||||
|
default: ''
|
||||||
runs:
|
runs:
|
||||||
using: 'docker'
|
using: 'docker'
|
||||||
image: "Dockerfile"
|
image: "Dockerfile"
|
||||||
@@ -75,3 +79,4 @@ runs:
|
|||||||
- '-l ${{ inputs.input }}'
|
- '-l ${{ inputs.input }}'
|
||||||
- '-m ${{ inputs.cache-dir }}'
|
- '-m ${{ inputs.cache-dir }}'
|
||||||
- '-n ${{ inputs.timeout }}'
|
- '-n ${{ inputs.timeout }}'
|
||||||
|
- '-o ${{ inputs.ignore-policy }}'
|
||||||
|
|||||||
+7
-1
@@ -1,6 +1,6 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
set -e
|
set -e
|
||||||
while getopts "a:b:c:d:e:f:g:h:i:j:k:l:m:n:" o; do
|
while getopts "a:b:c:d:e:f:g:h:i:j:k:l:m:n:o:" o; do
|
||||||
case "${o}" in
|
case "${o}" in
|
||||||
a)
|
a)
|
||||||
export scanType=${OPTARG}
|
export scanType=${OPTARG}
|
||||||
@@ -44,6 +44,9 @@ while getopts "a:b:c:d:e:f:g:h:i:j:k:l:m:n:" o; do
|
|||||||
n)
|
n)
|
||||||
export timeout=${OPTARG}
|
export timeout=${OPTARG}
|
||||||
;;
|
;;
|
||||||
|
o)
|
||||||
|
export ignorePolicy=${OPTARG}
|
||||||
|
;;
|
||||||
esac
|
esac
|
||||||
done
|
done
|
||||||
|
|
||||||
@@ -92,6 +95,9 @@ fi
|
|||||||
if [ $timeout ];then
|
if [ $timeout ];then
|
||||||
ARGS="$ARGS --timeout $timeout"
|
ARGS="$ARGS --timeout $timeout"
|
||||||
fi
|
fi
|
||||||
|
if [ $ignorePolicy ];then
|
||||||
|
ARGS="$ARGS --ignore-policy $ignorePolicy"
|
||||||
|
fi
|
||||||
|
|
||||||
echo "Running trivy with options: " --no-progress "${ARGS}" "${artifactRef}"
|
echo "Running trivy with options: " --no-progress "${ARGS}" "${artifactRef}"
|
||||||
trivy ${scanType} --no-progress $ARGS ${artifactRef}
|
trivy ${scanType} --no-progress $ARGS ${artifactRef}
|
||||||
|
|||||||
Reference in New Issue
Block a user