
gitrivy's Introduction

Gitrivy


This is a GitHub Action that scans Docker images for vulnerabilities using Trivy.
If Trivy finds vulnerabilities, the action creates a GitHub Issue.

Usage

Inputs

| Parameter | Required | Default Value | Description |
| --- | --- | --- | --- |
| trivy_version | False | latest | Trivy version |
| image | True | N/A | The target image name to scan for vulnerabilities. Specify this parameter or the IMAGE_NAME environment variable. |
| severity | False | HIGH,CRITICAL | Severities of vulnerabilities (separated by comma) |
| vuln_type | False | os,library | Scan targets: os and/or library (separated by comma) |
| timeout | False | 5m0s | Scan timeout. If your scan may time out, try increasing the value of the timeout option, for example to 15m. |
| ignore_unfixed | False | false | Ignore unfixed vulnerabilities. Specify true or false. |
| issue | False | true | Whether to create an issue when Trivy finds vulnerabilities. Specify true or false. |
| token | True if the issue parameter is true, else False | N/A | GitHub Access Token. ${{ secrets.GITHUB_TOKEN }} is recommended. |
| issue_title | False | Security Alert | Issue title |
| issue_label | False | trivy,vulnerability | Issue labels (separated by comma) |
| issue_assignee | False | N/A | Issue assignees (separated by comma) |
| fail_on_vulnerabilities | False | false | Whether the action should fail if any vulnerabilities were found. |

Outputs

| Parameter | Description |
| --- | --- |
| html_url | The URL to view the issue |
| issue_number | The created issue number |

Example Workflow

Scan your Docker image for vulnerabilities every day at 9:00 (UTC).

name: Vulnerability Scan

on:
  schedule:
    - cron: '0 9 * * *'

jobs:
  scan:
    name: Daily Vulnerability Scan
    runs-on: ubuntu-18.04
    steps:
      - name: Pull docker image
        run: docker pull sample

      - uses: yokawasa/[email protected]
        with:
          trivy_version: 0.20.2
          token: ${{ secrets.GITHUB_TOKEN }}
          image: python:3.4-alpine
          ignore_unfixed: true
          issue: true
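
A second workflow, added here as an illustration and not taken from the gitrivy project: it limits `GITHUB_TOKEN` to the one permission issue creation needs, fails the job on findings, and reads the `html_url` and `issue_number` outputs. The `uses:` reference is a placeholder, the image name and step `id` are made up, and it assumes the action sets its outputs before the step fails.

```yaml
name: Vulnerability Scan (gate)

on:
  schedule:
    - cron: '0 9 * * *'

# Least privilege for GITHUB_TOKEN: the job only needs to create issues.
# Scopes not listed here are set to "none".
permissions:
  issues: write

jobs:
  scan:
    name: Daily Vulnerability Scan
    runs-on: ubuntu-latest
    steps:
      - name: Pull docker image
        run: docker pull example/app:latest   # hypothetical image name

      - name: Scan image with Trivy
        id: scan                              # hypothetical step id
        uses: OWNER/REPO@VERSION              # placeholder for the gitrivy action reference
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          image: example/app:latest
          severity: CRITICAL
          vuln_type: os,library
          ignore_unfixed: true
          timeout: 15m
          issue: true
          issue_title: Security Alert
          issue_label: trivy,vulnerability
          fail_on_vulnerabilities: true

      # Runs even when the scan step failed the job.
      # Assumption: the action sets its outputs before exiting with a failure.
      - name: Link the created issue in the job summary
        if: always() && steps.scan.outputs.issue_number != ''
        env:
          # Outputs are passed through env instead of being interpolated
          # into the script text.
          ISSUE_NUMBER: ${{ steps.scan.outputs.issue_number }}
          ISSUE_URL: ${{ steps.scan.outputs.html_url }}
        run: |
          echo "Trivy issue ${ISSUE_NUMBER}: ${ISSUE_URL}" >> "$GITHUB_STEP_SUMMARY"
```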

gitrivy's People

Contributors

homoluctus, yokawasa, wochinge, oke-py, it-ito, sonots, dependabot[bot]
