aquasecurity/trivy-action
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy-action.git synced 2026-05-14 03:02:40 +00:00
Code Issues Packages Projects Releases Wiki Activity
219 Commits 7 Branches 75 Tags
1994662b5555670344cd84d29ed3cad4bd26f31c
Commit Graph

65 Commits

Author SHA1 Message Date
dependabot[bot] 1994662b55 chore(deps): bump the actions group with 5 updates (#558) 
* chore(deps): bump the actions group with 5 updates

Bumps the actions group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [aquasecurity/setup-trivy](https://github.com/aquasecurity/setup-trivy) | `e6c2c5e321ed9123bda567646e2f96565e34abe1` | `3fb12ec12f41e471780db15c232d5dd185dcb514` |
| [actions/cache](https://github.com/actions/cache) | `4.2.4` | `5.0.4` |
| [actions/checkout](https://github.com/actions/checkout) | `4.3.1` | `6.0.2` |
| [bats-core/bats-action](https://github.com/bats-core/bats-action) | `3.0.1` | `4.0.0` |
| [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action) | `0.5.0` | `0.5.2` |


Updates `aquasecurity/setup-trivy` from e6c2c5e321ed9123bda567646e2f96565e34abe1 to 3fb12ec12f41e471780db15c232d5dd185dcb514
- [Release notes](https://github.com/aquasecurity/setup-trivy/releases)
- [Commits](https://github.com/aquasecurity/setup-trivy/compare/e6c2c5e321ed9123bda567646e2f96565e34abe1...3fb12ec12f41e471780db15c232d5dd185dcb514)

Updates `actions/cache` from 4.2.4 to 5.0.4
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/0400d5f644dc74513175e3cd8d07132dd4860809...27d5ce7f107fe9357f9df03efb73ab90386fccae)

Updates `actions/checkout` from 4.3.1 to 6.0.2
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/34e114876b0b11c390a56381ad16ebd13914f8d5...de0fac2e4500dabe0009e67214ff5f5447ce83dd)

Updates `bats-core/bats-action` from 3.0.1 to 4.0.0
- [Release notes](https://github.com/bats-core/bats-action/releases)
- [Commits](https://github.com/bats-core/bats-action/compare/42fcc8700f773c075a16a90eb11674c0318ad507...77d6fb60505b4d0d1d73e48bd035b55074bbfb43)

Updates `zizmorcore/zizmor-action` from 0.5.0 to 0.5.2
- [Release notes](https://github.com/zizmorcore/zizmor-action/releases)
- [Commits](https://github.com/zizmorcore/zizmor-action/compare/0dce2577a4760a2749d8cfb7a84b7d5585ebcb7d...b1d7e1fb5de872772f31590499237e7cce841e8e)

---
updated-dependencies:
- dependency-name: aquasecurity/setup-trivy
  dependency-version: 3fb12ec12f41e471780db15c232d5dd185dcb514
  dependency-type: direct:production
  dependency-group: actions
- dependency-name: actions/cache
  dependency-version: 5.0.4
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/checkout
  dependency-version: 6.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: bats-core/bats-action
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: zizmorcore/zizmor-action
  dependency-version: 0.5.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>

* style: change setup-trivy version in comment

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
 2026-04-15 15:22:02 +06:00
Aqua Security automated builds 57a97c7e78 chore(deps): Update trivy to v0.69.3 (#519) 
Co-authored-by: nikpivkin <nikpivkin@users.noreply.github.com>
 2026-03-04 13:13:53 +06:00
Nicholas Jackson 4c61e6329b chore: bump default Trivy version to v0.69.2 (#513) 2026-03-02 08:54:24 +06:00
Nikita Pivkin 1bd062560b Merge pull request #508 from nikpivkin/feat/pass-yaml-ignore-file 
feat: add YAML support for trivyignores
 2026-02-25 17:27:51 +06:00
Nikita Pivkin 16154502ca update trivyignores input description 
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>
 2026-02-25 13:20:10 +06:00
DmitriyLewen e368e32897 ci(test): add zizmor security linter for GitHub Actions (#502) 
* ci: add zizmor security linter for GitHub Actions

* ci: disable advanced-security for zizmor

* ci: pin all actions to commit hashes

* ci: fix zizmor linter errors in workflows

- Add explicit permissions blocks to all workflows
- Set persist-credentials: false for checkout actions
- Fix template injection by using env variables in run blocks

* fix: address zizmor template injection warnings in action.yaml

- Move inputs to env block to prevent template injection
- Add ignore comment for github-env false positive

* ci: fix remaining zizmor linter errors

- Add permissions and persist-credentials to test.yaml
- Fix ignore comment placement for github-env in action.yaml
 2026-02-20 15:24:24 -07:00
Aqua Security automated builds c1824fd6ed chore(deps): Update trivy to v0.69.1 (#506) 
Co-authored-by: simar7 <simar7@users.noreply.github.com>
 2026-02-12 12:51:05 -07:00
DmitriyLewen bc61dc5570 Merge commit from fork 2026-02-12 12:41:16 -07:00
simar7 0024b3f39e chore(deps): Update trivy to v0.68.1 2025-12-11 05:31:14 +00:00
Martin Costello b6643a29fe Update setup-trivy action to version v0.2.4 (#486) 2025-08-29 14:43:29 +06:00
simar7 7c0244b8c6 chore(deps): Update trivy to v0.65.0 2025-08-22 21:30:51 +00:00
Martin Costello c26e17b164 Pin actions/cache by SHA (#480) 
Resolves #479.
 2025-08-22 15:29:59 -06:00
Aqua Security automated builds dc5a429b52 chore(deps): Update trivy to v0.64.1 (#474) 
Co-authored-by: nikpivkin <nikpivkin@users.noreply.github.com>
 2025-07-04 00:18:35 -06:00
Aqua Security automated builds 76071ef0d7 chore(deps): Update trivy to v0.63.0 (#467) 
* chore(deps): Update trivy to v0.63.0

* update test data

---------

Co-authored-by: simar7 <simar7@users.noreply.github.com>
Co-authored-by: Simar <simar@linux.com>
 2025-06-03 13:38:46 +06:00
Maxim Masiutin b3dafe507f Bump Trivy version to fix GitHub actions (#460) 2025-05-12 14:16:37 -06:00
Lari Hotari 99baf0d8b4 Pin aquasecuriy/setup-trivy to hash instead of tag (#456) 
* Pin aquasecuriy/setup-trivy to hash instead of tag

Fixes #423

* Address review comment

* Revisit previous change based on feedback
 2025-04-08 20:50:36 -06:00
Rob Vesse 7aca5acc95 fix: Trivy action inputs leaking between invocations (#422) (#454) 
* fix: use trivy_envs.txt for envs

* test: add test step

* refactor

* refactor

* test

* refactor: use `export` in trivy_envs.txt

* test

* test metadata.json

* test metadata.json

* Clean up envs file better (#422)

- Explicitly rm -f it at start and end of action
- Also remove temporary test steps from action

* Add BATS test for usage of trivy_envs.txt file (#422)

* Add optional step triggered only when Actions Debug logging

Dump the generated environment variables file only when tests are run
with actions debug logging

* Fix to always set env vars into file (#422)

This is done as long as they have a non-empty input value, or a
non-empty default value.

* Clean up env overwriting

- Remove unnecessary debug statements in the action used during testing
- Additional explanatory comments
- Fix to address case where caller explicitly injects environment
  variables, either via env: block on the action call or via GITHUB_ENV

* Further refine env var setting logic (#422)

Noted in documenting this fix that what had been implemented deviated
from the existing configuration priority documentation.  Amended the
implementation of the Action to try and restore that consistency.

* Fix shell syntax error (#422)

---------

Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
 2025-04-04 23:59:10 -06:00
Nikita Pivkin 6c175e9c40 chore: bump trivy to v0.60.0 (#453) 
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>
 2025-03-13 20:58:00 -06:00
Yuta Tokoi ef1b561207 fix: typo in description of an input for action.yaml (#452) 2025-03-12 16:11:20 -06:00
simar7 18f2510ee3 chore(deps): Bump trivy to v0.57.1 (#434) 
* chore(deps): Bump trivy to v0.57.1

* update tests

* use mirrors from mirror.gcr.io

* update workflow for tests

* Revert "use mirrors from mirror.gcr.io"

This reverts commit 529a941eed.
 2024-11-19 17:11:53 -07:00
DmitriyLewen ee8934673c feat: add token for setup-trivy (#421) 
* feat: add `token-setup-trivy` input.

* docs: add info about `token-setup-trivy`

* fix: use correct commit

* refactor: use `default: ${{ github.token }}` for `token-setup-trivy`

* refactor: use `setup-trivy` v0.2.2
 2024-10-24 23:32:23 -06:00
Rob Vesse fc1500abdc feat: Allow skipping setup (#414) 
If a user is invoking the action multiple times then the trivy binary
gets installed multiple times.  Users can avoid this by managing the
installation themselves and setting the skip-setup input to true, or by
letting the action install in on their first invocation and then setting
skip-setup to true on subsequent invocations

Co-authored-by: simar7 <1254783+simar7@users.noreply.github.com>
 2024-10-15 19:57:47 -06:00
DmitriyLewen 915b19bbe7 chore(deps): bump setup-trivy to v0.2.1 (#411) 
* chore(deps): bump setup-trivy

* chore(deps): bump setup-trivy

* chore(deps): bump setup-trivy to `v0.2.1`
 2024-10-15 10:04:03 -06:00
Teppei Fukuda 5681af892c fix: set envs only when passed (#405) 
* fix: set envs when passed

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* use inputs.<input_id>.default

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* Revert "use inputs.<input_id>.default"

This reverts commit 1a12292eac.

---------

Signed-off-by: knqyf263 <knqyf263@gmail.com>
 2024-10-10 22:48:38 -06:00
DmitriyLewen 0fa0cdb177 ci: use setup-trivy to install Trivy (#406) 2024-10-09 15:36:41 -06:00
Teppei Fukuda a20de5420d feat: store artifacts in cache by default (#399) 
* feat: migrate to a composite action

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* Fix tests

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* Delete an unused input

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* test: expect status code 0

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* test: not use run

https://bats-core.readthedocs.io/en/stable/writing-tests.html#when-not-to-use-run

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* feat: add 'cache' input

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* docs: update README

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* feat: pin Trivy version

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* fix: bump trivy version

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* feat: use date for cache key

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* chore: delete a comment

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* docs: update README

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* refactor: resolve conflicts and use envs

Signed-off-by: knqyf263 <knqyf263@gmail.com>

---------

Signed-off-by: knqyf263 <knqyf263@gmail.com>
 2024-10-08 14:20:38 -06:00
Lukas Gravley 207cd40078 Fix docker host bug (#329) 
* Update entrypoint.sh

should be a value not boolean

* Update action.yaml

add example

* Update README.md
 2024-04-04 22:59:05 -06:00
Calin Marina 0f287db5d3 feat(image): add --docker-host option for GH Action users (#267) 
* add option to update docker-host via cli parameter

* chore: update test results

---------

Co-authored-by: simar7 <1254783+simar7@users.noreply.github.com>
 2024-04-03 17:26:17 -06:00
uridium f72b7e8127 Make 'hide-progress' input working again (#323) 
* Make hide-progress input working again

* Unify 'hide-progress' default value
 2024-03-28 19:06:30 -06:00
Kyle Davies 22d2755f77 feature(config): add terraform variable files (#285) 
* Action now takes an input for terraform variable filess

* added tf-vars

* updated README.md

* Updated yamlconfig test to latest version of trivy output for that container

* updated for correct cpu type

* test trivy version change to 0.45.0

* run scan with correct parameters

* Added test for terraform tfvars

* Updated output for other tests

* use test data as path and updated tf vars to be relative

* removed quiet
 2023-12-04 16:27:47 -07:00
Pavel Kutáč 69cbbc0cbb fix: mark image-ref attribute optional (#261) 2023-09-14 22:32:56 -06:00
Viktor Sadovnikov 1f0aa582c8 Rename security-checks to scanners (#211) 
* Renaming securityChecks to runners

* Renaming securityChecks to runners

* Renaming securityChecks to runners

* Correcting README
 2023-03-06 21:00:01 -08:00
AndreyLevchenko 1e0bef4613 fix(sarif): Add option to limit severities for sarif (aquasecurity#192) (#198) 2023-02-01 16:18:31 -08:00
simar7 503d3abc15 feat(yaml): Add support for trivy.yaml (#143) 
* feat(yaml): Add support for trivy.yaml

Signed-off-by: Simar <simar@linux.com>

* chore: fixing test using trivy v 0.30.0

* chore(deps): Update to use Trivy v0.30.2

Signed-off-by: Simar <simar@linux.com>

Co-authored-by: carolina valencia <krol3@users.noreply.github.com>
 2022-07-21 16:36:46 -07:00
simar7 7b7aa264d8 feat(SBOM): Support SBOM generation (#129) 
* feat(sbom): Support SBOM generation

Signed-off-by: Simar <simar@linux.com>

* Update README.md

Co-authored-by: Itay Shakury <itay@itaysk.com>

* feat(sbom): Send results within the entrypoint.sh

* fix(sbom): Fix leading whitespaces for format var.

Signed-off-by: Simar <simar@linux.com>

* docs(sbom): Update README.md

* docs(sbom): Update README.md

* chore(trivy): Bump Trivy version to 0.29.1

Signed-off-by: Simar <simar@linux.com>

* feat(sbom): Change to fs scan.

Signed-off-by: Simar <simar@linux.com>

* fix(tests): Update SARIF goldenfile

Co-authored-by: Itay Shakury <itay@itaysk.com>
 2022-06-22 11:24:39 -07:00
nleconte-csgroup 63b6e4c61b docs: added missing HTML template and removed deprecated SARIF template (#132) 
* docs: add missing template

* docs: add missing template and remove deprecated

Add missing HTML template
Remove deprecated SARIF template

* docs: remove deprecated SARIF template
 2022-06-21 11:46:57 -07:00
Achton Smidt Winther 4b3b5f928b Add support for --ignorefile option (.trivyignore) (#122) 
* Add support for supplying one or more .trivyignore files.

* Fix gitignore for test data.

* Add test for trivyignores option.

* Be explicit about the trivy options we use during testing.

* Add documentation of trivyignores option.
 2022-06-14 07:41:49 -07:00
oranmoshai 9fbcc91008 (feat) Add support for security-checks flag 
When using fs mode add option to list of what security issues to detect
 2022-04-13 16:25:40 +03:00
Masayoshi Mizutani 8f4c7160b4 feat: Add list-all-pkgs option (#88) 2021-12-16 08:31:49 -08:00
gustavomonarin 9ec80b5796 feat(#59) add support to skip files (#60) 
* feat(#59) Add support to skip files

closes #59

* Fix skipFiles parameter check

The check should be if present not if enabled.
 2021-11-26 12:01:28 -08:00
Simar 101d9bacf6 Update action.yaml 2021-10-26 11:42:59 -07:00
Brandon Sorgdrager 9438b49cc3 Enable config scanning (#56) 
* Bump trivy image to enable use of config scan-type

* move --no-progress switch behind input arg and set default

* prevent unrelated args from passing with config scan-type

* fix invalid option passing

* set artifactRef if scanType = config

* Add workflow example for IAC/YAML scanning

* Update README.md

Co-authored-by: Simar <1254783+simar7@users.noreply.github.com>

* Update README.md

Co-authored-by: Simar <1254783+simar7@users.noreply.github.com>

* clean hideProgress input

Co-authored-by: Simar <1254783+simar7@users.noreply.github.com>
 2021-07-27 14:49:55 -07:00
Anand Gautam 09b815c470 feat: add ignore-policy option to filter vulnerabilities (#48) 
* feat: add ignore-policy option to filter vulnerabilities

* fix: format README
 2021-05-26 13:12:03 -07:00
Donald Piret b38389f8ef feat: add support for cache dire and timeout inputs (#35) 2021-04-07 12:50:09 -07:00
rahul2393 e2054f8b6a Added input option support (#34) 
* Added input option support

* Fix position of input flag

* update readme

* Update README.md

Co-authored-by: Simarpreet Singh <simar@linux.com>
 2021-03-24 13:54:13 -07:00
Anand Gautam c6431cf821 Feat/add skip dirs option (#33) 
Fixes: https://github.com/aquasecurity/trivy-action/issues/32
 2021-03-19 15:21:09 -07:00
rahul2393 1d28acf359 Add scan type as option (#27) 
* Add scan type as option

* Fix exitCode

* remove all options

* Add default value to scanRef and improve shell

* print args

* fix description.

* More changes
 2021-02-24 16:31:43 -08:00
Chris Aumann 7684771c94 Add vuln-type parameter (#19) 
Co-authored-by: Simarpreet Singh <simar@linux.com>
 2021-02-11 13:49:57 -08:00
Simarpreet Singh de7cb7d4ba Update action.yaml 
Co-authored-by: Daniel Pacak <pacak.daniel@gmail.com>
 2020-08-13 09:56:17 -07:00
Simarpreet Singh 9403afcefd Update action.yaml 
Update title to include Aqua Security for searchability purposes.
 2020-08-12 12:00:26 -07:00