diff --git a/README.md b/README.md
index 94bc53c..ce3bb00 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,55 @@
-# Trivy GitHub Action
+# Trivy Action
+> [GitHub Action](https://github.com/features/actions) for Trivy
+
+## Table of Contents
+
+- [Usage](#usage)
+ - [Workflow](#workflow)
+- [Customizing](#customizing)
+ - [Inputs](#inputs)
+
+## Usage
+
+### Workflow
+
+```yaml
+name: build
+on:
+ push:
+ branches:
+ - master
+ pull_request:
+jobs:
+ build:
+ name: Build
+ runs-on: ubuntu-18.04
+ steps:
+ - name: Setup Go
+ uses: actions/setup-go@v1
+ with:
+ go-version: 1.14
+ - name: Checkout code
+ uses: actions/checkout@v2
+ - name: Build an image from Dockerfile
+ run: |
+ docker build -t docker.io/my-organization/my-app:${{ github.sha }}
+ - name: Run vulnerability scanner
+ uses: aquasecurity/trivy-action@0.0.4
+ with:
+ image-ref: 'docker.io/my-organization/my-app:${{ github.sha }}'
+ format: 'table'
+ exit-code: '1'
+```
+
+## Customizing
+
+### inputs
+
+Following inputs can be used as `step.with` keys:
+
+| Name | Type | Default | Description |
+|-------------|--------|---------|-------------------------------------------|
+| `image-ref` | String | | Image reference, e.g. `alpine:3.10.2` |
+| `format` | String | `table` | Output format (`table`, `json`) |
+| `exit-code` | String | `0` | exit code when vulnerabilities were found |
diff --git a/action.yaml b/action.yaml
index 9b50515..231d570 100644
--- a/action.yaml
+++ b/action.yaml
@@ -13,9 +13,13 @@ inputs:
 description: 'output format (table, json)'
 required: false
 default: 'table'
+ version:
+ description: 'version of Trivy to use'
+ required: false
+ default: 'latest'
 runs:
 using: 'docker'
- image: 'docker://docker.io/aquasec/trivy:latest'
+ image: 'docker://docker.io/aquasec/trivy:${{ inputs.version }}'
 args:
 - 'image'
 - '--format=${{ inputs.format }}'
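Review bot: The new `version` input in action.yaml defaults to `'latest'`, so a workflow that pins this action to a release tag still pulls whatever `aquasec/trivy:latest` resolves to at run time, leaving the scanner itself unpinned and scan results non-reproducible. Consider defaulting to a specific released tag (`default: '<TRIVY_VERSION>'`, placeholder) and adding a `version` row to the README inputs table, which this commit introduces without one. Because the value is interpolated after `trivy:`, a digest reference (`@sha256:…`) cannot be supplied through this input, so a tag is the only pinning option as written. It is also worth confirming that the runner actually evaluates `${{ inputs.version }}` inside `runs.image`; if the expression is taken literally there, the image pull would fail.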