aquasecurity/trivy-action
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy-action.git synced 2026-05-14 03:02:40 +00:00
Code Issues Packages Projects Releases Wiki Activity
212 Commits 7 Branches 75 Tags
v0.35.0
Commit Graph

212 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
abriko dedfa59531 Enhance GitHub Dependency Snapshot upload (#233) 2023-06-05 11:12:39 -06:00
Daniel Chabr f96f79aa22 bump trivy to v0.42.0 (#237) 
* chore(deps): update trivy to v0.42.0

* revert formatting

* revert formatting again

* update sarif version in tests
 2023-06-05 11:08:24 -06:00
Herman Wika Horn 82ec0dd604 Include args when using trivy config file (#231) 
Previously, arguments provided using regular flags
were ignored if a trivy config file was provided

Note that this pull request makes no effort to
deduce or merge desired argument if the same
configuration with different values are provided
both within the config file and as flags. Behaviour
for this case would develop on the implementation
of trivy
 2023-05-31 14:47:20 -06:00
John Smith 463f27e2d8 Update README.md to change the example to the new default brach name main from master. 
Update README.md to change the example to the new default branch name "main" from "master".

I hope this will make the action slightly easier to work with for newer members of the community.
 2023-05-12 10:45:16 +01:00
Bruce Bujon e5f43133f6 chore: Update Trivy to 0.40.0 (#223) 
* chore: Update trivy to 0.39.0

* chore: Update trivy to 0.40.0
v0.10.0 		2023-04-18 17:44:36 -07:00
Guilherme Marz Vazzolla 1a09192c0e docs: improve SBOM documentation (#208) 
* fix: dependency graph name ocurrences

* feat: improve readability and add useful links

* feat: improve readability and instructions 

Improves readability and adds missing information about github_token, another authentication method.

* feat: add github_token instructions

* feat: add github_token to inputs table

* feat: add "what is an SBOM" link

* fix: GitHub dependency graph name ocurrence

* feat: improve SBOM input description

* fix: remove "on pull request" trigger

Co-authored-by: Duncan Casteleyn <10881109+DuncanCasteleyn@users.noreply.github.com>

* fix: outdated input name

---------

Co-authored-by: Duncan Casteleyn <10881109+DuncanCasteleyn@users.noreply.github.com>
 2023-03-28 17:48:04 -07:00
Viktor Sadovnikov 1f0aa582c8 Rename security-checks to scanners (#211) 
* Renaming securityChecks to runners

* Renaming securityChecks to runners

* Renaming securityChecks to runners

* Correcting README
v0.9.2 		2023-03-06 21:00:01 -08:00
DmitriyLewen 43849adf01 bump trivy to v0.38.1 (#215) 2023-03-06 20:58:30 -08:00
Falk Puschner 8bd2f9fbda ⬆️ bump trivy action (#203) v0.9.1 2023-02-10 16:20:50 +09:00
simar7 cff3e9a7f6 feat(trivy): Bump Trivy to v0.37.1 (#199) 
Signed-off-by: Simar <simar@linux.com>
v0.9.0 		2023-02-01 16:40:29 -08:00
Michael Cantú ab15891596 Update README.md (#186) 
Fix typo
 2023-02-01 16:23:59 -08:00
Omar Silva cacfd7a243 docs: add trivy-config to table (#195) 2023-02-01 16:19:16 -08:00
AndreyLevchenko 1e0bef4613 fix(sarif): Add option to limit severities for sarif (aquasecurity#192) (#198) 2023-02-01 16:18:31 -08:00
Aibek 9ab158e859 Add 0.34.0 release (#177) 
* bump to ghcr.io/aquasecurity/trivy:0.33.0

* fix tests

* bump to 0.34.0
v0.8.0 		2022-10-31 17:18:27 -07:00
Lior Vaisman Argon e55de85bee Add npm to action Dockerfile (#176) 2022-10-25 07:04:22 -07:00
chejn d63413b0a4 Fix github dependency submission API call (#162) 
* Update entrypoint.sh

* Update entrypoint.sh

* Update entrypoint.sh
v0.7.1 		2022-08-17 14:54:57 -07:00
simar7 1db49f5326 feat(trivy): Bump Trivy to v0.31.0 (#165) 
Fixes: https://github.com/aquasecurity/trivy-action/issues/164

Signed-off-by: Simar <simar@linux.com>

Signed-off-by: Simar <simar@linux.com>
v0.7.0 		2022-08-16 17:25:38 -07:00
Engin Diri 12814ff8bc docs: correct format and add output on config scan with sarif (#159) 2022-08-15 11:09:42 -07:00
simar7 cb606dfdb0 fix(sarif): Add timeout and security-checks for sarif (#156) v0.6.2 2022-08-03 17:32:25 -07:00
Carol Valencia 0d7cf2ddfb chore: improve message output sbom with gh (#145) 
* fix: merge with master- entrypoint

* chore: gitignore .vscode

Co-authored-by: carolina valencia <krol3@users.noreply.github.com>
 2022-08-02 15:24:58 -07:00
simar7 5144f05a8d fix(config): Drop mixing of options with yaml config. (#148) 
Also adds some documentation explaining how the config
and flags are used in conjunction with each other.

Fixes: https://github.com/aquasecurity/trivy-action/issues/147

Signed-off-by: Simar <simar@linux.com>
 2022-07-29 14:30:07 -07:00
simar7 81b9a6f5ab Update Dockerfile (#152) v0.6.1 2022-07-26 13:08:58 -07:00
simar7 503d3abc15 feat(yaml): Add support for trivy.yaml (#143) 
* feat(yaml): Add support for trivy.yaml

Signed-off-by: Simar <simar@linux.com>

* chore: fixing test using trivy v 0.30.0

* chore(deps): Update to use Trivy v0.30.2

Signed-off-by: Simar <simar@linux.com>

Co-authored-by: carolina valencia <krol3@users.noreply.github.com>
v0.6.0 		2022-07-21 16:36:46 -07:00
simar7 0105373003 docs(trivy): Add instructions to scan tarballs. (#134) 
Signed-off-by: Simar <simar@linux.com>
v0.5.1 		2022-06-29 14:34:09 -07:00
simar7 bc615ae2d7 fix(tests): Update test golden files for Trivy v0.29.2 (#136) 
Fixes: https://github.com/aquasecurity/trivy-action/issues/133
Fixes: https://github.com/aquasecurity/trivy-action/issues/135

Signed-off-by: Simar <simar@linux.com>
 2022-06-29 14:33:23 -07:00
simar7 7b7aa264d8 feat(SBOM): Support SBOM generation (#129) 
* feat(sbom): Support SBOM generation

Signed-off-by: Simar <simar@linux.com>

* Update README.md

Co-authored-by: Itay Shakury <itay@itaysk.com>

* feat(sbom): Send results within the entrypoint.sh

* fix(sbom): Fix leading whitespaces for format var.

Signed-off-by: Simar <simar@linux.com>

* docs(sbom): Update README.md

* docs(sbom): Update README.md

* chore(trivy): Bump Trivy version to 0.29.1

Signed-off-by: Simar <simar@linux.com>

* feat(sbom): Change to fs scan.

Signed-off-by: Simar <simar@linux.com>

* fix(tests): Update SARIF goldenfile

Co-authored-by: Itay Shakury <itay@itaysk.com>
v0.5.0 		2022-06-22 11:24:39 -07:00
nleconte-csgroup 63b6e4c61b docs: added missing HTML template and removed deprecated SARIF template (#132) 
* docs: add missing template

* docs: add missing template and remove deprecated

Add missing HTML template
Remove deprecated SARIF template

* docs: remove deprecated SARIF template
 2022-06-21 11:46:57 -07:00
Carol Valencia 49e970d7ac chore: pinning 0.29.0 trivy (#128) 
Co-authored-by: carolina valencia <krol3@users.noreply.github.com>
v0.4.1 		2022-06-17 13:27:39 -07:00
Achton Smidt Winther c666240787 Add missing option to README. (#127) 2022-06-16 08:25:13 -07:00
David Calvert e27605859b feat: update codeql-action/upload-sarif to v2 (#124) 2022-06-15 09:16:34 -07:00
Achton Smidt Winther 2b22459068 Update tests for 0.28.1 and convert to JSON (#126) 
* Fix bug with test for securityChecks option which caused it to be skipped.

* Convert tests to JSON output only, and update them for Trivy 0.28.1.

* Update CI test to use Trivy 0.28.1.
v0.4.0 		2022-06-15 08:23:38 -07:00
Achton Smidt Winther 4b3b5f928b Add support for --ignorefile option (.trivyignore) (#122) 
* Add support for supplying one or more .trivyignore files.

* Fix gitignore for test data.

* Add test for trivyignores option.

* Be explicit about the trivy options we use during testing.

* Add documentation of trivyignores option.
 2022-06-14 07:41:49 -07:00
Tanguy Segarra 1a53202fc4 Use AWS public ECR instead of rate-limiting dockerhub (#118) 2022-06-08 11:17:38 -07:00
James Luther df3fb7d00b Update Trivy Version in Dockerfile (#117) 
Updated the dockerfile to use the latest release of Trivy.
 2022-06-02 14:53:00 -07:00
Tanguy Segarra 987beb8186 Enable security checks option for image type (#112) 
* Enable security checks option for image type

* Readme: update security checks option

* action.yaml: add default value for security checks option

* echo env var

* action.yaml: remove default value for security checks

* remove useless echo
 2022-06-02 14:52:06 -07:00
Carol Valencia 4b9b6fb4ef chore: update test to version 0.27.1 (#106) 
* chore: update test to version 0.27.0

* chore: add test file secret and update to 0.27.1

* fix: support repository with securityCheck secret

Co-authored-by: carolina valencia <krol3@users.noreply.github.com>
v0.3.0 		2022-05-09 13:12:55 -07:00
Carol Valencia 2b30463ddb chore: Update trivy version to 0.26.0 (#102) 
* chore: Update trivy version to 0.25.3

* feat: trivy fs - securityCheck test

* chore: update trivy 0.26.0

Co-authored-by: carolina valencia <krol3@users.noreply.github.com>
v0.2.5 		2022-04-18 08:40:37 -07:00
jerbia d7a51817e8 Merge pull request #104 from aquasecurity/feat/security-checks 
(feat) Add support for security-checks flag
v0.2.4 		2022-04-13 22:10:55 +03:00
oranmoshai 9fbcc91008 (feat) Add support for security-checks flag 
When using fs mode add option to list of what security issues to detect
 2022-04-13 16:25:40 +03:00
Carol Valencia 40c4ca9e74 feat: bash unit test - adding repo (#101) 
* feat: bash unit test - adding repo

* fix: clean dummy data

Co-authored-by: carolina valencia <krol3@users.noreply.github.com>
v0.2.3 		2022-04-08 15:57:27 -07:00
Carol Valencia f39d29766a chore: Update trivy version to 0.25 (#100) 
Co-authored-by: carolina valencia <krol3@users.noreply.github.com>
 2022-04-04 10:05:28 -07:00
Chanaka Lakmal 296212627a Update default value of timeout configuration (#97) 2022-02-24 14:33:03 -08:00
Oran Moshai a7a829a434 chore: update trivy version Dockerfile (#96) 
* chore: update trivy version Dockerfile

* Update readme for sarif deprecate
https://github.com/aquasecurity/trivy/discussions/1571

* docs: revert template and remove sarif.tpl

* fix: update condition to use format variable

Co-authored-by: oranmoshai <oran.moshai@aquasec.com>
Co-authored-by: knqyf263 <knqyf263@gmail.com>
v0.2.2 		2022-02-02 15:19:51 -08:00
Carol Valencia 9c21d3ca2c chore: update trivy version Dockerfile (#89) 
Co-authored-by: carolina valencia <krol3@users.noreply.github.com>
 2022-01-10 16:47:20 -08:00
Masayoshi Mizutani 8f4c7160b4 feat: Add list-all-pkgs option (#88) v0.2.1 2021-12-16 08:31:49 -08:00
Carol Valencia 81cc8cd841 chore: update trivy version - fixed sarif (#87) 2021-12-10 10:18:11 -08:00
Nick Liffen 0769bbf0d2 Update Dockerfile (#82) v0.2.0 2021-11-26 12:02:01 -08:00
gustavomonarin 9ec80b5796 feat(#59) add support to skip files (#60) 
* feat(#59) Add support to skip files

closes #59

* Fix skipFiles parameter check

The check should be if present not if enabled.
 2021-11-26 12:01:28 -08:00
rahul2393 a58433e1c9 feat: added support for rootfs command (#84) 2021-11-26 10:32:44 -08:00
Simar 7168e9ba5a feat: Update README to include a case where upload upon failure (#78) 
* feat: Update README to include a case where upload is needed upon failure.

Signed-off-by: Simar <simar@linux.com>

* Update README.md
 2021-11-16 14:28:39 -08:00