Cleanup secuirity issues action structure

exasol · Oct 23, 2023 · 25cd737 · 25cd737
1 parent 3f28860
commit 25cd737
Showing 1 changed file with 14 additions and 22 deletions.
diff --git a/.github/actions/security-issues/action.yml b/.github/actions/security-issues/action.yml
@@ -8,17 +8,12 @@ description: 'The Security Issues Action creates github issues for open security
 
 inputs:
 
-  scan-command:
+  command:
     description: 'Command which creates a security report for the repository'
     required: true
     default: "mvn org.sonatype.ossindex.maven:ossindex-maven-plugin:audit org.sonatype.ossindex.maven:ossindex-maven-plugin:audit-aggregate -Dossindex.reportFile=security-issues.json"
 
-  scan-output:
-    description: 'Output file generated by the scan-command'
-    required: true
-    default: "security-issues.json"
-
-  input-converter:
+  format:
     description: 'Converter to apply on the scan-output before processing'
     required: false
     # passthrough in case of None
@@ -34,29 +29,26 @@ runs:
       with:
         python-version: ${{ inputs.python-version }}
 
-    # Pin this to specifically released verison
+    # Pin this to specifically released version
     - name: Install Python Toolbox / Security tool
       run: |
         pip install 'git+https://github.com/exasol/python-toolbox.git@security-issues-action'
 
-    - name: Install Python Toolbox / Security Issues tool
-      run: |
-        scan-command > $scan-output
-
-    - name: Run scan-command
+    - name: Scan project for security issues
       run: |
-        scan-command > $scan-output
+        ${{ input.command }} > scan-output
 
-    - name: Run input-converter
+    - name: Convert output of command to common input format
       run: |
-        security-issues convert maven < $scan-output > issues.json
+        security-issues convert ${{inputs.format}} < scan-output > cves.json
 
-    - name: Filter Existing Issues (Open & Closed)
+    # Remove irrelevant e.g. if issue already exists or existed
+    # Info: a general ignore list could be added here to
+    - name: Filter issues
       run: |
-        security-issues filter github < scan.json > issues.json
-      # This could be added in the future
-      # tbx security-issues filter exclusions < issues.json > filtered-pt2.json
+        security-issues filter github < cves.json > issues.json
 
-    - name: Create Issues for
+    # Info: alternative issue tracker(s) could be added in the future
+    - name: Create Issues
       run: |
-        security-issues create github < issues.json
+        security-issues create < issues.json