77137e9dc3
doc/correct-sbom-fs-scan ( #458 )
2025-07-07 12:48:46 -06:00
e7fbf034e4
Update dependencies in README ( #378 )
...
* chore: update dependencies in README
* chore: update the actions/checkout version in documentation
* chore: bump upload-sarif dependency from readme
* docs: bump actions/checkout to v4
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io >
---------
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io >
Co-authored-by: Nikita Pivkin <nikita.pivkin@smartforce.io >
2025-07-07 12:46:41 -06:00
dc5a429b52
chore(deps): Update trivy to v0.64.1 ( #474 )
...
Co-authored-by: nikpivkin <nikpivkin@users.noreply.github.com >
2025-07-04 00:18:35 -06:00
76071ef0d7
chore(deps): Update trivy to v0.63.0 ( #467 )
...
* chore(deps): Update trivy to v0.63.0
* update test data
---------
Co-authored-by: simar7 <simar7@users.noreply.github.com >
Co-authored-by: Simar <simar@linux.com >
2025-06-03 13:38:46 +06:00
26d71e622b
refactor: use ubuntu 24.04 ( #465 )
2025-05-16 11:37:50 +06:00
b3dafe507f
Bump Trivy version to fix GitHub actions ( #460 )
2025-05-12 14:16:37 -06:00
7aca5acc95
fix: Trivy action inputs leaking between invocations ( #422 ) ( #454 )
...
* fix: use trivy_envs.txt for envs
* test: add test step
* refactor
* refactor
* test
* refactor: use `export` in trivy_envs.txt
* test
* test metadata.json
* test metadata.json
* Clean up envs file better (#422 )
- Explicitly rm -f it at start and end of action
- Also remove temporary test steps from action
* Add BATS test for usage of trivy_envs.txt file (#422 )
* Add optional step triggered only when Actions Debug logging
Dump the generated environment variables file only when tests are run
with actions debug logging
* Fix to always set env vars into file (#422 )
This is done as long as they have a non-empty input value, or a
non-empty default value.
* Clean up env overwriting
- Remove unnecessary debug statements in the action used during testing
- Additional explanatory comments
- Fix to address case where caller explicitly injects environment
variables, either via env: block on the action call or via GITHUB_ENV
* Further refine env var setting logic (#422 )
Noted in documenting this fix that what had been implemented deviated
from the existing configuration priority documentation. Amended the
implementation of the Action to try and restore that consistency.
* Fix shell syntax error (#422 )
---------
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io >
2025-04-04 23:59:10 -06:00
ea27ac12e1
docs: add info that unix:/ prefix is required ( #455 )
2025-04-01 21:44:53 -06:00
6c175e9c40
chore: bump trivy to v0.60.0 ( #453 )
...
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io >
2025-03-13 20:58:00 -06:00
53e8848d3e
Improve README/SBOM ( #439 )
...
* Improve README/SBOM
* Use logical workflow name
* Use modern ubuntu version
* Update README.md
2025-03-12 16:11:45 -06:00
a11da62073
fix: Update default trivy version in README ( #444 )
...
As part of PR #434 the default trivy version got bumped
but the readme didn't reflect it.
2025-01-07 16:37:47 -07:00
18f2510ee3
chore(deps): Bump trivy to v0.57.1 ( #434 )
...
* chore(deps): Bump trivy to v0.57.1
* update tests
* use mirrors from mirror.gcr.io
* update workflow for tests
* Revert "use mirrors from mirror.gcr.io"
This reverts commit 529a941eed
2024-11-19 17:11:53 -07:00
93941cebba
docs: remove ignore-unfixed from IaC scan example ( #429 )
...
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io >
2024-11-18 16:54:58 -07:00
d2a392a137
fix: bump setup-trivy and add new contrib directory path info ( #424 )
...
* chore(deps): use fork for setup-trivy
* docs: add info about templates
* refactor: use `setup-trivy` v0.2.2
* docs: remove `./` prefix
* Merge branch 'main' into 'fix/contrib-dir'
* docs: fix link
* docs: fix typo
Co-authored-by: simar7 <1254783+simar7@users.noreply.github.com >
---------
Co-authored-by: simar7 <1254783+simar7@users.noreply.github.com >
2024-10-25 00:45:28 -06:00
ee8934673c
feat: add token for setup-trivy ( #421 )
...
* feat: add `token-setup-trivy` input.
* docs: add info about `token-setup-trivy`
* fix: use correct commit
* refactor: use `default: ${{ github.token }}` for `token-setup-trivy`
* refactor: use `setup-trivy` v0.2.2
2024-10-24 23:32:23 -06:00
cf990b19d8
Update README.md ( #420 )
2024-10-21 22:43:57 -06:00
bff40be51b
docs: Fix oras command not found ( #413 )
2024-10-21 22:43:42 -06:00
fc1500abdc
feat: Allow skipping setup ( #414 )
...
If a user is invoking the action multiple times then the trivy binary
gets installed multiple times. Users can avoid this by managing the
installation themselves and setting the skip-setup input to true, or by
letting the action install in on their first invocation and then setting
skip-setup to true on subsequent invocations
Co-authored-by: simar7 <1254783+simar7@users.noreply.github.com >
2024-10-15 19:57:47 -06:00
5681af892c
fix: set envs only when passed ( #405 )
...
* fix: set envs when passed
Signed-off-by: knqyf263 <knqyf263@gmail.com >
* use inputs.<input_id>.default
Signed-off-by: knqyf263 <knqyf263@gmail.com >
* Revert "use inputs.<input_id>.default"
This reverts commit 1a12292eacknqyf263@gmail.com >
2024-10-10 22:48:38 -06:00
807896715e
chore: update description for scanners and format inputs ( #407 )
...
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io >
2024-10-09 15:37:31 -06:00
a20de5420d
feat: store artifacts in cache by default ( #399 )
...
* feat: migrate to a composite action
Signed-off-by: knqyf263 <knqyf263@gmail.com >
* Fix tests
Signed-off-by: knqyf263 <knqyf263@gmail.com >
* Delete an unused input
Signed-off-by: knqyf263 <knqyf263@gmail.com >
* test: expect status code 0
Signed-off-by: knqyf263 <knqyf263@gmail.com >
* test: not use run
https://bats-core.readthedocs.io/en/stable/writing-tests.html#when-not-to-use-run
Signed-off-by: knqyf263 <knqyf263@gmail.com >
* feat: add 'cache' input
Signed-off-by: knqyf263 <knqyf263@gmail.com >
* docs: update README
Signed-off-by: knqyf263 <knqyf263@gmail.com >
* feat: pin Trivy version
Signed-off-by: knqyf263 <knqyf263@gmail.com >
* fix: bump trivy version
Signed-off-by: knqyf263 <knqyf263@gmail.com >
* feat: use date for cache key
Signed-off-by: knqyf263 <knqyf263@gmail.com >
* chore: delete a comment
Signed-off-by: knqyf263 <knqyf263@gmail.com >
* docs: update README
Signed-off-by: knqyf263 <knqyf263@gmail.com >
* refactor: resolve conflicts and use envs
Signed-off-by: knqyf263 <knqyf263@gmail.com >
---------
Signed-off-by: knqyf263 <knqyf263@gmail.com >
2024-10-08 14:20:38 -06:00
1b8b83dcc2
docs: add usage info about action/cache for trivy databases ( #397 )
...
* docs: add info about using `action/cache` for `trivy-db`
* docs: add info about trivy-java-db and trivy-checks
2024-10-07 22:05:39 -06:00
89b14e517d
Upgrade GitHub actions ( #374 )
...
* Upgrade Github checkout action
* Upgrade Github upload-sarif action
* Upgrade Github checkout action - Pipeline
2024-10-02 14:41:43 -06:00
841fb371db
chore(docs): Reference the use of a pinned version ( #356 )
2024-05-22 18:59:56 -06:00
207cd40078
Fix docker host bug ( #329 )
...
* Update entrypoint.sh
should be a value not boolean
* Update action.yaml
add example
* Update README.md
2024-04-04 22:59:05 -06:00
840deb4908
Browse scan reports without GitHub Advanced Security license ( #328 )
2024-04-04 22:58:29 -06:00
f72b7e8127
Make 'hide-progress' input working again ( #323 )
...
* Make hide-progress input working again
* Unify 'hide-progress' default value
2024-03-28 19:06:30 -06:00
1f6384b6ce
docs(report): improve documentation around Using Trivy to generate SBOM and sending it to Github ( #307 )
...
* Improved documentation with details on how to send output as an artifact on Github and giving an example of a private image scan
* formatting
* better name for job
2024-02-13 15:20:36 -07:00
0b9d17b6b5
docs: add configuration info for flags not supported by inputs ( #296 )
...
* docs: add information about configuration flags not supported by inputs
* docs: add env and config file to Customizing
2024-01-11 15:13:21 -07:00
d43c1f16c0
docs: fix typo in README.md ( #293 )
...
Signed-off-by: Lucas Bickel <hairmare@purplehaze.ch >
2024-01-02 17:53:48 -07:00
22d2755f77
feature(config): add terraform variable files ( #285 )
...
* Action now takes an input for terraform variable filess
* added tf-vars
* updated README.md
* Updated yamlconfig test to latest version of trivy output for that container
* updated for correct cpu type
* test trivy version change to 0.45.0
* run scan with correct parameters
* Added test for terraform tfvars
* Updated output for other tests
* use test data as path and updated tf vars to be relative
* removed quiet
2023-12-04 16:27:47 -07:00
463f27e2d8
Update README.md to change the example to the new default brach name main from master.
...
Update README.md to change the example to the new default branch name "main" from "master".
I hope this will make the action slightly easier to work with for newer members of the community.
2023-05-12 10:45:16 +01:00
1a09192c0e
docs: improve SBOM documentation ( #208 )
...
* fix: dependency graph name ocurrences
* feat: improve readability and add useful links
* feat: improve readability and instructions
Improves readability and adds missing information about github_token, another authentication method.
* feat: add github_token instructions
* feat: add github_token to inputs table
* feat: add "what is an SBOM" link
* fix: GitHub dependency graph name ocurrence
* feat: improve SBOM input description
* fix: remove "on pull request" trigger
Co-authored-by: Duncan Casteleyn <10881109+DuncanCasteleyn@users.noreply.github.com >
* fix: outdated input name
---------
Co-authored-by: Duncan Casteleyn <10881109+DuncanCasteleyn@users.noreply.github.com >
2023-03-28 17:48:04 -07:00
1f0aa582c8
Rename security-checks to scanners ( #211 )
...
* Renaming securityChecks to runners
* Renaming securityChecks to runners
* Renaming securityChecks to runners
* Correcting README
2023-03-06 21:00:01 -08:00
ab15891596
Update README.md ( #186 )
...
Fix typo
2023-02-01 16:23:59 -08:00
cacfd7a243
docs: add trivy-config to table ( #195 )
2023-02-01 16:19:16 -08:00
1e0bef4613
fix(sarif): Add option to limit severities for sarif (aquasecurity#192) ( #198 )
2023-02-01 16:18:31 -08:00
12814ff8bc
docs: correct format and add output on config scan with sarif ( #159 )
2022-08-15 11:09:42 -07:00
5144f05a8d
fix(config): Drop mixing of options with yaml config. ( #148 )
...
Also adds some documentation explaining how the config
and flags are used in conjunction with each other.
Fixes: https://github.com/aquasecurity/trivy-action/issues/147
Signed-off-by: Simar <simar@linux.com >
2022-07-29 14:30:07 -07:00
503d3abc15
feat(yaml): Add support for trivy.yaml ( #143 )
...
* feat(yaml): Add support for trivy.yaml
Signed-off-by: Simar <simar@linux.com >
* chore: fixing test using trivy v 0.30.0
* chore(deps): Update to use Trivy v0.30.2
Signed-off-by: Simar <simar@linux.com >
Co-authored-by: carolina valencia <krol3@users.noreply.github.com >
2022-07-21 16:36:46 -07:00
0105373003
docs(trivy): Add instructions to scan tarballs. ( #134 )
...
Signed-off-by: Simar <simar@linux.com >
2022-06-29 14:34:09 -07:00
7b7aa264d8
feat(SBOM): Support SBOM generation ( #129 )
...
* feat(sbom): Support SBOM generation
Signed-off-by: Simar <simar@linux.com >
* Update README.md
Co-authored-by: Itay Shakury <itay@itaysk.com >
* feat(sbom): Send results within the entrypoint.sh
* fix(sbom): Fix leading whitespaces for format var.
Signed-off-by: Simar <simar@linux.com >
* docs(sbom): Update README.md
* docs(sbom): Update README.md
* chore(trivy): Bump Trivy version to 0.29.1
Signed-off-by: Simar <simar@linux.com >
* feat(sbom): Change to fs scan.
Signed-off-by: Simar <simar@linux.com >
* fix(tests): Update SARIF goldenfile
Co-authored-by: Itay Shakury <itay@itaysk.com >
2022-06-22 11:24:39 -07:00
63b6e4c61b
docs: added missing HTML template and removed deprecated SARIF template ( #132 )
...
* docs: add missing template
* docs: add missing template and remove deprecated
Add missing HTML template
Remove deprecated SARIF template
* docs: remove deprecated SARIF template
2022-06-21 11:46:57 -07:00
c666240787
Add missing option to README. ( #127 )
2022-06-16 08:25:13 -07:00
e27605859b
feat: update codeql-action/upload-sarif to v2 ( #124 )
2022-06-15 09:16:34 -07:00
4b3b5f928b
Add support for --ignorefile option (.trivyignore) ( #122 )
...
* Add support for supplying one or more .trivyignore files.
* Fix gitignore for test data.
* Add test for trivyignores option.
* Be explicit about the trivy options we use during testing.
* Add documentation of trivyignores option.
2022-06-14 07:41:49 -07:00
987beb8186
Enable security checks option for image type ( #112 )
...
* Enable security checks option for image type
* Readme: update security checks option
* action.yaml: add default value for security checks option
* echo env var
* action.yaml: remove default value for security checks
* remove useless echo
2022-06-02 14:52:06 -07:00
9fbcc91008
(feat) Add support for security-checks flag
...
When using fs mode add option to list of what security issues to detect
2022-04-13 16:25:40 +03:00
296212627a
Update default value of timeout configuration ( #97 )
2022-02-24 14:33:03 -08:00
a7a829a434
chore: update trivy version Dockerfile ( #96 )
...
* chore: update trivy version Dockerfile
* Update readme for sarif deprecate
https://github.com/aquasecurity/trivy/discussions/1571
* docs: revert template and remove sarif.tpl
* fix: update condition to use format variable
Co-authored-by: oranmoshai <oran.moshai@aquasec.com >
Co-authored-by: knqyf263 <knqyf263@gmail.com >
2022-02-02 15:19:51 -08:00
YuXuan Tay
Akshay Iyyadurai Balasundaram
Aqua Security automated builds
simar7
Maxim Masiutin
Rob Vesse
DmitriyLewen
Nikita Pivkin
Alex B
Mario Apra
Daisuke Sato
Rob Vesse
Teppei Fukuda
Oussama Bounaim
Lukas Gravley
uridium
uridium
Maxime Durand
Lucas Bickel
Kyle Davies
John Smith
Guilherme Marz Vazzolla
Viktor Sadovnikov
Michael Cantú
Omar Silva
AndreyLevchenko
Engin Diri
nleconte-csgroup
Achton Smidt Winther
David Calvert
Tanguy Segarra
oranmoshai
Chanaka Lakmal
Oran Moshai