Commit Graph

169 Commits

Author SHA1 Message Date
Mario Apra a11da62073 fix: Update default trivy version in README (#444)
As part of PR #434 the default trivy version got bumped
but the readme didn't reflect it.
2025-01-07 16:37:47 -07:00
simar7 18f2510ee3 chore(deps): Bump trivy to v0.57.1 (#434)
* chore(deps): Bump trivy to v0.57.1

* update tests

* use mirrors from mirror.gcr.io

* update workflow for tests

* Revert "use mirrors from mirror.gcr.io"

This reverts commit 529a941eed.
v0.29.0
2024-11-19 17:11:53 -07:00
Nikita Pivkin 93941cebba docs: remove ignore-unfixed from IaC scan example (#429)
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>
2024-11-18 16:54:58 -07:00
DmitriyLewen d2a392a137 fix: bump setup-trivy and add new contrib directory path info (#424)
* chore(deps): use fork for setup-trivy

* docs: add info about templates

* refactor: use `setup-trivy` v0.2.2

* docs: remove `./` prefix

* Merge branch 'main' into 'fix/contrib-dir'

* docs: fix link

* docs: fix typo

Co-authored-by: simar7 <1254783+simar7@users.noreply.github.com>

---------

Co-authored-by: simar7 <1254783+simar7@users.noreply.github.com>
2024-10-25 00:45:28 -06:00
DmitriyLewen ee8934673c feat: add token for setup-trivy (#421)
* feat: add `token-setup-trivy` input.

* docs: add info about `token-setup-trivy`

* fix: use correct commit

* refactor: use `default: ${{ github.token }}` for `token-setup-trivy`

* refactor: use `setup-trivy` v0.2.2
2024-10-24 23:32:23 -06:00
simar7 cf990b19d8 Update README.md (#420) 2024-10-21 22:43:57 -06:00
Daisuke Sato bff40be51b docs: Fix oras command not found (#413) 2024-10-21 22:43:42 -06:00
Rob Vesse fc1500abdc feat: Allow skipping setup (#414)
If a user is invoking the action multiple times then the trivy binary
gets installed multiple times.  Users can avoid this by managing the
installation themselves and setting the skip-setup input to true, or by
letting the action install it on their first invocation and then setting
skip-setup to true on subsequent invocations

Co-authored-by: simar7 <1254783+simar7@users.noreply.github.com>
2024-10-15 19:57:47 -06:00
DmitriyLewen 915b19bbe7 chore(deps): bump setup-trivy to v0.2.1 (#411)
* chore(deps): bump setup-trivy

* chore(deps): bump setup-trivy

* chore(deps): bump setup-trivy to `v0.2.1`
v0.28.0
2024-10-15 10:04:03 -06:00
Teppei Fukuda 5681af892c fix: set envs only when passed (#405)
* fix: set envs when passed

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* use inputs.<input_id>.default

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* Revert "use inputs.<input_id>.default"

This reverts commit 1a12292eac.

---------

Signed-off-by: knqyf263 <knqyf263@gmail.com>
v0.27.0
2024-10-10 22:48:38 -06:00
Nikita Pivkin 807896715e chore: update description for scanners and format inputs (#407)
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>
2024-10-09 15:37:31 -06:00
DmitriyLewen 0fa0cdb177 ci: use setup-trivy to install Trivy (#406) 2024-10-09 15:36:41 -06:00
Teppei Fukuda a20de5420d feat: store artifacts in cache by default (#399)
* feat: migrate to a composite action

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* Fix tests

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* Delete an unused input

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* test: expect status code 0

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* test: not use run

https://bats-core.readthedocs.io/en/stable/writing-tests.html#when-not-to-use-run

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* feat: add 'cache' input

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* docs: update README

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* feat: pin Trivy version

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* fix: bump trivy version

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* feat: use date for cache key

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* chore: delete a comment

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* docs: update README

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* refactor: resolve conflicts and use envs

Signed-off-by: knqyf263 <knqyf263@gmail.com>

---------

Signed-off-by: knqyf263 <knqyf263@gmail.com>
v0.26.0
2024-10-08 14:20:38 -06:00
DmitriyLewen 1b8b83dcc2 docs: add usage info about action/cache for trivy databases (#397)
* docs: add info about using `action/cache` for `trivy-db`

* docs: add info about trivy-java-db and trivy-checks
2024-10-07 22:05:39 -06:00
simar7 f781cce5aa feat(trivy): Bump to support v0.56.1 (#387)
* feat(trivy): Bump to support v0.55.2

* fix tests

* update github workflow

* upgrade to v0.56.0

* bump to trivy v0.56.1

* update tests
v0.25.0
2024-10-07 14:14:19 -06:00
Nikita Pivkin 54f21d8382 ci: sync trivy-checks version 1 (#398)
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>
2024-10-07 12:23:44 -06:00
Oussama Bounaim 89b14e517d Upgrade GitHub actions (#374)
* Upgrade Github checkout action

* Upgrade Github upload-sarif action

* Upgrade Github checkout action - Pipeline
2024-10-02 14:41:43 -06:00
Nikita Pivkin 97646fedde chore: use checks bundle snapshot from trivy-action (#388)
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>
2024-09-19 08:58:52 -06:00
chris d9cd5b1c23 fix(Makefile): recursive option typo (#371) 2024-07-09 10:07:51 -06:00
Vinayak S 6e7b7d1fd3 Upgrade trivy to v0.53.0 (#369)
* Upgrade trivy to v0.53.0

* update tests

---------

Co-authored-by: Simar <simar@linux.com>
v0.24.0
2024-07-09 00:19:25 -06:00
Vinayak S 7c2007bcb5 Upgrade trivy to v0.52.2 (#367)
* Upgrade trivy to v0.52.2

* Upgrade trivy to v0.52.2
v0.23.0
2024-06-17 16:53:33 -06:00
Francisco Javier Barón 595be6a0f6 Upgrade trivy to v0.52.0 (#364) v0.22.0 2024-06-06 17:41:36 -06:00
simar7 841fb371db chore(docs): Reference the use of a pinned version (#356) 2024-05-22 18:59:56 -06:00
Vinayak S fd25fed697 bump trivy version to v0.51.2 (#360)
* bump trivy version to v0.51.2

* bump trivy version to v0.51.2
v0.21.0
2024-05-21 16:33:02 -06:00
simar7 b2933f565d bump trivy version to v0.51.1 (#353)
* bump trivy version to v0.51.1

* update tests
v0.20.0
2024-05-07 21:42:16 -06:00
simar7 b2cd5ff52c Update bump-trivy.yaml 2024-05-07 18:03:36 -06:00
Nikita Pivkin 6f8c23760b update tests (#334)
* update tests

* rename trivy images

* rename workflow steps
2024-05-06 23:18:53 -06:00
Simar 7088d18dcb Revert "fix: 🐛 allow trivy-config and other options to be used together (#338)"
This reverts commit ee6a4f5af1.
2024-04-26 01:13:05 -06:00
arairyus ee6a4f5af1 fix: 🐛 allow trivy-config and other options to be used together (#338) 2024-04-25 23:57:46 -06:00
Pedro Freitas b5f4977b78 Bump trivy version to v0.50.2 (#341)
Co-authored-by: pdefreitas <5927433+pdefreitas@users.noreply.github.com>
2024-04-22 22:07:09 -06:00
Lukas Gravley 207cd40078 Fix docker host bug (#329)
* Update entrypoint.sh

should be a value not boolean

* Update action.yaml

add example

* Update README.md
2024-04-04 22:59:05 -06:00
uridium 840deb4908 Browse scan reports without GitHub Advanced Security license (#328) 2024-04-04 22:58:29 -06:00
Calin Marina 0f287db5d3 feat(image): add --docker-host option for GH Action users (#267)
* add option to update docker-host via cli parameter

* chore: update test results

---------

Co-authored-by: simar7 <1254783+simar7@users.noreply.github.com>
2024-04-03 17:26:17 -06:00
uridium f72b7e8127 Make 'hide-progress' input working again (#323)
* Make hide-progress input working again

* Unify 'hide-progress' default value
2024-03-28 19:06:30 -06:00
simar7 d710430a67 bump trivy version to v0.50.1 (#324) v0.19.0 2024-03-27 16:22:09 -06:00
cococig 062f259268 fix: Refer to scan-ref when scan-type is "sbom" (#314) v0.18.0 2024-02-22 14:28:04 -07:00
Maxime Durand 1f6384b6ce docs(report): improve documentation around Using Trivy to generate SBOM and sending it to Github (#307)
* Improved documentation with details on how to send output as an artifact on Github and giving an example of a private image scan

* formatting

* better name for job
2024-02-13 15:20:36 -07:00
Kyle Davies 84384bd6e7 Upgraded Trivy from 0.48.1 to v0.49.0 (#304) v0.17.0 2024-02-05 18:54:03 -07:00
Simão Silva f3d98514b0 fix: Fix skip-files and hide-progress options not being applied when using Sarif report format (#297)
* Update entrypoint.sh

* Update entrypoint.sh

* Update entrypoint.sh
2024-01-14 14:28:49 -07:00
DmitriyLewen 0b9d17b6b5 docs: add configuration info for flags not supported by inputs (#296)
* docs: add information about configuration flags not supported by inputs

* docs: add env and config file to Customizing
2024-01-11 15:13:21 -07:00
Lucas Bickel d43c1f16c0 docs: fix typo in README.md (#293)
Signed-off-by: Lucas Bickel <hairmare@purplehaze.ch>
v0.16.1
2024-01-02 17:53:48 -07:00
Martin Kemp 5f1841df8d Update Trivy to 0.48.1 (#291)
* Update Trivy to 0.48.1

Signed-off-by: Martin Kemp <me@martinke.mp>

* update tests

---------

Signed-off-by: Martin Kemp <me@martinke.mp>
Co-authored-by: Simar <simar@linux.com>
2024-01-02 17:51:04 -07:00
Ivan Santos 91713af97d Update to trivy version 0.48.0 (#289)
* Update to trivy version 0.48.0

---------

Signed-off-by: Simar <simar@linux.com>
Co-authored-by: Simar <simar@linux.com>
v0.16.0
2023-12-08 11:08:35 -07:00
Kyle Davies 22d2755f77 feature(config): add terraform variable files (#285)
* Action now takes an input for terraform variable files

* added tf-vars

* updated README.md

* Updated yamlconfig test to latest version of trivy output for that container

* updated for correct cpu type

* test trivy version change to 0.45.0

* run scan with correct parameters

* Added test for terraform tfvars

* Updated output for other tests

* use test data as path and updated tf vars to be relative

* removed quiet
v0.15.0
2023-12-04 16:27:47 -07:00
Kyle Davies 2b6a709cf9 Add filesystem alias (#269) v0.14.0 2023-11-06 18:35:42 -07:00
Victor Sollerhed 47e481a388 Update to trivy version 0.47.0 in Dockerfile (#280)
See:
- https://github.com/aquasecurity/trivy/releases/tag/v0.47.0
2023-11-06 18:35:08 -07:00
Liam MacPherson 7b07fa7d6a fix: set return code after each Trivy call (#247)
This change moves the return code to outside the trivy call. This fixes
#228 as the return code was not being propagated.
2023-11-06 18:32:48 -07:00
Witold Ślęczkowski f78e9ecf42 Update Dockerfile to 0.46.1 (#277)
This update fixes https://github.com/aquasecurity/trivy/issues/5441
v0.13.1
2023-10-30 18:28:16 -06:00
Brandon Helms b77b85c025 Update Dockerfile to 0.46.0 (#274)
* Update Dockerfile to 0.46.0

This will address bugs before 0.46.0

* updating tests
v0.13.0
2023-10-25 11:39:02 -06:00
Pavel Kutáč 69cbbc0cbb fix: mark image-ref attribute optional (#261) 2023-09-14 22:32:56 -06:00