action.yml
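# Metadata for a Docker container action that scans a container image.
# Every input declared below is forwarded unchanged to the container as an
# environment variable of the same name (see runs.env). How each value is
# interpreted is decided inside the image, not in this file.
name: "TMAS Scan Action"
description: "Scan container images with Vision One Container Security"
author: "Trend Micro"
inputs:
  # Credential for the scanning service. Callers should supply it from an
  # encrypted secret (`${{ secrets.<SECRET_NAME> }}`), never as a literal in
  # the workflow file.
  TMAS_API_KEY:
    description: "Vision One API Key"
    required: true
  # Registry reference of the image to scan. No default, so the variable is
  # empty when the caller omits it (the pre-registry case described below).
  IMAGE:
    description: "Image URI to scan. Not required if you are doing pre-registry scanning. See LOCAL_IMAGE_TARBALL."
    required: false
  # NOTE(review): declared required but also given a default, so omitting it
  # still yields "us-east-1".
  REGION:
    description: "Vision One Region"
    required: true
    default: "us-east-1"
  # Feature toggles. The defaults are quoted so they stay strings, which is
  # what an environment variable carries.
  SBOM:
    description: "Decide if you want to save the SBOM file for the image. Default is true."
    required: false
    default: "true"
  MALWARE_SCAN:
    description: "Decide if you want to scan the image for malware. Default is true."
    required: false
    default: "true"
  # NOTE(review): the only toggle marked `required: true`; it has a default
  # like the others, so this looks like an inconsistency rather than a rule.
  VULNERABILITY_SCAN:
    description: "Decide if you want to scan the image for vulnerabilities. Default is true."
    required: true
    default: "true"
  SECRETS_SCAN:
    description: "Decide if you want to scan the image for secrets. Default is true."
    required: false
    default: "true"
  # Acceptance thresholds, one per severity plus a total, all defaulting to
  # "0". Presumably the step fails when a count exceeds its threshold; that
  # logic lives in the image, so confirm it there before relaxing a value.
  MAX_TOTAL:
    description: "Max total of vulnerabilities acceptable in a images"
    required: false
    default: "0"
  MAX_CRITICAL:
    description: "Max critical vulnerabilities acceptable in a images"
    required: false
    default: "0"
  MAX_HIGH:
    description: "Max high vulnerabilities acceptable in a images"
    required: false
    default: "0"
  MAX_MEDIUM:
    description: "Max medium vulnerabilities acceptable in a images"
    required: false
    default: "0"
  MAX_LOW:
    description: "Max low vulnerabilities acceptable in a images"
    required: false
    default: "0"
  MAX_NEGLIGIBLE:
    description: "Max negligible vulnerabilities acceptable in a images"
    required: false
    default: "0"
  MAX_UNKNOWN:
    description: "Max unknown vulnerabilities acceptable in a images"
    required: false
    default: "0"
  # Name of the scan report. The report may list findings from the secrets
  # scan, so treat an archived copy as sensitive.
  SCAN_RESULT_ARTIFACT:
    description: "Name for the artifact generated by the scan in case you want to archive it."
    required: false
    default: "scan-result.json"
  # Alternative to IMAGE for pre-registry scanning. No default, so the
  # variable is empty when the caller omits it.
  LOCAL_IMAGE_TARBALL:
    description: "Name for the locally available image tarball in case you are doing pre-registry scanning."
    required: false
branding:
  icon: "package"
  color: "red"
runs:
  using: "docker"
  # NOTE(review): `latest` is a mutable tag. Pinning this action to a commit
  # SHA in a workflow fixes this file but not the image it pulls, and that
  # image receives TMAS_API_KEY. Prefer an immutable reference
  # (`...@sha256:<IMAGE_DIGEST>`) that is bumped on each release.
  image: "docker://ghcr.io/trendmicro/tmas-scan-action:latest"
  # One-to-one mapping of inputs to container environment variables.
  env:
    TMAS_API_KEY: ${{ inputs.TMAS_API_KEY }}
    IMAGE: ${{ inputs.IMAGE }}
    REGION: ${{ inputs.REGION }}
    SBOM: ${{ inputs.SBOM }}
    MALWARE_SCAN: ${{ inputs.MALWARE_SCAN }}
    VULNERABILITY_SCAN: ${{ inputs.VULNERABILITY_SCAN }}
    SECRETS_SCAN: ${{ inputs.SECRETS_SCAN }}
    MAX_TOTAL: ${{ inputs.MAX_TOTAL }}
    MAX_CRITICAL: ${{ inputs.MAX_CRITICAL }}
    MAX_HIGH: ${{ inputs.MAX_HIGH }}
    MAX_MEDIUM: ${{ inputs.MAX_MEDIUM }}
    MAX_LOW: ${{ inputs.MAX_LOW }}
    MAX_NEGLIGIBLE: ${{ inputs.MAX_NEGLIGIBLE }}
    MAX_UNKNOWN: ${{ inputs.MAX_UNKNOWN }}
    SCAN_RESULT_ARTIFACT: ${{ inputs.SCAN_RESULT_ARTIFACT }}
    LOCAL_IMAGE_TARBALL: ${{ inputs.LOCAL_IMAGE_TARBALL }}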