This is a GitHub Actions to scan vulnerability using Trivy.
If vulnerabilities are found by Trivy, it creates the following GitHub Issue.
| Parameter | Required | Default Value | Description |
|---|---|---|---|
| trivy_version | False | latest | Trivy version |
| image | True | N/A | The target image name to scan the vulnerability Specify this parameter or IMAGE_NAME environment variable |
| severity | False | HIGH,CRITICAL | Severities of vulnerabilities (separated by commma) |
| vuln_type | False | os,library | Scan target are os and / or library (separated by commma) |
| ignore_unfixed | False | false | Ignore unfixed vulnerabilities Please specify true or false |
| issue | False | true | Decide whether creating issue when vulnerabilities are found by trivy. Please specify true or false |
| token | True if issue parameter is true else False | N/A | GitHub Access Token. ${{ secrets.GITHUB_TOKEN }} is recommended. |
| issue_title | False | Security Alert | Issue title |
| issue_label | False | trivy,vulnerability | Issue label (separated by commma) |
| issue_assignee | False | N/A | Issue assignee (separated by commma) |
| fail_on_vulnerabilities | False | false | Whether the action should fail if any vulnerabilities were found. |
| Parameter | Description |
|---|---|
| html_url | The URL to view the issue |
| issue_number | The created issue number |
Detect your docker image vulnerability everyday at 9:00 (UTC).
name: Vulnerability Scan
on:
schedule:
- cron: '0 9 * * *'
jobs:
scan:
name: Daily Vulnerability Scan
runs-on: ubuntu-18.04
steps:
- name: Pull docker image
run: docker pull sample
- uses: dataswift/gha-trivy@v3.0.0
with:
token: ${{ secrets.GITHUB_TOKEN }}
image: sample