Allow type "file:..."
Signed-off-by: Malte Poll <mp@edgeless.systems>
malt3 committed Oct 5, 2022
1 parent 6218d4f commit ea032bd
Showing 7 changed files with 49 additions and 12 deletions.
31 changes: 21 additions & 10 deletions README.md
Expand Up @@ -58,6 +58,16 @@ Use the `path` parameter, relative to the repository root:
path: ./build/
```

### Scan a specific file

Use the `file` parameter, relative to the repository root:

```yaml
- uses: anchore/sbom-action@v0
with:
file: ./build/file
```

### Publishing SBOMs with releases

The `sbom-action` will detect being run during a
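Review bot: The new "Scan a specific file" section does not say that `file` cannot be combined with `path` or `image`; only the parameter table further down states the mutual exclusion. A one-line note here (e.g. "`file` is mutually exclusive with `path` and `image`") would keep readers who stop at the how-to from setting both, and it would be worth mentioning that `file:` hands a single file (such as an archive or binary) to Syft rather than a directory, since that is the distinction the section exists to make.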
Expand Down Expand Up @@ -113,16 +123,17 @@ use the `artifact-name` parameter:
The main [SBOM action](action.yml), responsible for generating SBOMs
and uploading them as workflow artifacts and release assets.

| Parameter | Description | Default |
| --------------------- | -------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------- |
| `path` | A path on the filesystem to scan. This is mutually exclusive to `image`. | \<current directory> |
| `image` | A container image to scan. This is mutually exclusive to `path`. See [Scan a container image](#scan-a-container-image) for more information. | |
| `registry-username` | The registry username to use when authenticating to an external registry | |
| `registry-password` | The registry password to use when authenticating to an external registry | |
| `artifact-name` | The name to use for the generated SBOM artifact. See: [Naming the SBOM output](#naming-the-sbom-output) | `sbom-<job>-<step-id>.spdx.json` |
| `output-file` | The location to output a resulting SBOM | |
| `format` | The SBOM format to export. One of: `spdx`, `spdx-json`, `cyclonedx`, `cyclonedx-json` | `spdx-json` |
| `dependency-snapshot` | Whether to upload the SBOM to the GitHub Dependency submission API | `false` |
| Parameter | Description | Default |
| --------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------- |
| `path` | A path on the filesystem to scan. This is mutually exclusive to `file` and `image`. | \<current directory> |
| `file` | A file on the filesystem to scan. This is mutually exclusive to `path` and `image`. | |
| `image` | A container image to scan. This is mutually exclusive to `path` and `file`. See [Scan a container image](#scan-a-container-image) for more information. | |
| `registry-username` | The registry username to use when authenticating to an external registry | |
| `registry-password` | The registry password to use when authenticating to an external registry | |
| `artifact-name` | The name to use for the generated SBOM artifact. See: [Naming the SBOM output](#naming-the-sbom-output) | `sbom-<job>-<step-id>.spdx.json` |
| `output-file` | The location to output a resulting SBOM | |
| `format` | The SBOM format to export. One of: `spdx`, `spdx-json`, `cyclonedx`, `cyclonedx-json` | `spdx-json` |
| `dependency-snapshot` | Whether to upload the SBOM to the GitHub Dependency submission API | `false` |

### anchore/sbom-action/publish-sbom

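Review bot: The updated `path` row still lists `<current directory>` as its default while declaring `path` mutually exclusive with `file`. As written, a user who sets only `file` still has `path` populated by the default, so the table should say how the action resolves that case (whether the default is ignored when `file` is given, or whether `path` must be explicitly cleared); otherwise the documented exclusivity cannot be acted on from the table alone.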
6 changes: 5 additions & 1 deletion action.yml
Expand Up @@ -7,9 +7,13 @@ branding:
inputs:
path:
required: false
description: "A path on the filesystem to scan"
description: "A path to a directory on the filesystem to scan"
default: "."

file:
required: false
description: "A file on the filesystem to scan"

image:
required: false
description: "A container image to scan"
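Review bot: The new `file` input's description should match the README, which specifies the path is relative to the repository root, and should name the exclusivity with `path` and `image` the same way the README table does, since `action.yml` descriptions are what users see in the Marketplace listing. Suggest `description: "A file on the filesystem to scan, relative to the repository root. Mutually exclusive with path and image"`.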
3 changes: 3 additions & 0 deletions dist/attachReleaseAssets/index.js

3 changes: 3 additions & 0 deletions dist/downloadSyft/index.js

3 changes: 3 additions & 0 deletions dist/runSyftAction/index.js

13 changes: 12 additions & 1 deletion src/Syft.ts
Expand Up @@ -5,6 +5,13 @@ export interface SyftDirectoryInput {
path: string;
}

/**
* Used for file input to Syft
*/
export interface SyftFileInput {
file: string;
}

/**
* Used to point Syft to a registry to scan an image
*/
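Review bot: The doc comment on `SyftFileInput` could state what the value is passed as (it becomes a `file:` source in the Syft invocation), mirroring how `SyftDirectoryInput` corresponds to `dir:`; that keeps the mapping between the input interfaces and Syft source schemes discoverable from the types alone.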
Expand All @@ -24,7 +31,11 @@ export interface SyftImageInput {
* Syft invocation options
*/
export interface SyftOptions {
input: SyftDirectoryInput | SyftRegistryInput | SyftImageInput;
input:
| SyftDirectoryInput
| SyftFileInput
| SyftRegistryInput
| SyftImageInput;
format:
| "spdx"
| "spdx-tag-value"
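Review bot: With `SyftFileInput` added to the `input` union, every consumer that narrows this union with `in` checks now has a fourth shape to handle, and nothing in the type forces them to. A discriminant field on each input interface (for example a literal `kind`) would let the compiler flag any `switch` or `if` chain that forgets the new variant, instead of relying on each call site being updated by hand as `executeSyft` is in this commit.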
2 changes: 2 additions & 0 deletions src/github/SyftGithubAction.ts
Expand Up @@ -135,6 +135,8 @@ async function executeSyft({
}
} else if ("path" in input && input.path) {
args = [...args, `dir:${input.path}`];
} else if ("file" in input && input.file) {
args = [...args, `file:${input.file}`];
} else {
throw new Error("Invalid input, no image or path specified");
}
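Review bot: The fallback error message `"Invalid input, no image or path specified"` was not updated and now omits the new `file` option; suggest `"Invalid input, no image, path or file specified"`. Also note the branch order: `path` is tested before `file`, so if both are present (including `path` filled by its `"."` default in `action.yml`) the `file` value is silently ignored with no error, which contradicts the mutual exclusivity the README documents. Either reject inputs where more than one source is set, or check `file` before `path` so an explicit file wins over the defaulted directory.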