diff --git a/README.md b/README.md
index 734cdd3..ea79fc8 100644
--- a/README.md
+++ b/README.md
@@ -145,7 +145,7 @@ Following inputs can be used as `step.with` keys:
 | `ignore-unfixed` | Boolean | false | Ignore unpatched/unfixed vulnerabilities |
 | `vuln-type` | String | `os,library` | Vulnerability types (os,library) |
 | `severity` | String | `UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL` | Severities of vulnerabilities to be displayed |
-
+| `skip-dirs` | String | | Comma separated list of directories where traversal is skipped |
 [release]: https://github.com/aquasecurity/trivy-action/releases/latest
 [release-img]: https://img.shields.io/github/release/aquasecurity/trivy-action.svg?logo=github
 [marketplace]: https://github.com/marketplace/actions/aqua-security-trivy
diff --git a/action.yaml b/action.yaml
index e4e626d..56b13cc 100644
--- a/action.yaml
+++ b/action.yaml
@@ -41,6 +41,10 @@ inputs:
 description: 'writes results to a file with the specified file name'
 required: false
 default: ''
+ skip-dirs:
+ description: 'comma separated list of directories where traversal is skipped'
+ required: false
+ default: ''
 runs:
 using: 'docker'
 image: "Dockerfile"
@@ -55,3 +59,4 @@ runs:
 - '-h ${{ inputs.output }}'
 - '-i ${{ inputs.image-ref }}'
 - '-j ${{ inputs.scan-ref }}'
+ - '-k ${{ inputs.skip-dirs }}'
diff --git a/entrypoint.sh b/entrypoint.sh
index 16e3697..d243fc9 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 set -e
-while getopts "a:b:c:d:e:f:g:h:i:j:" o; do
+while getopts "a:b:c:d:e:f:g:h:i:j:k:" o; do
 case "${o}" in
 a)
 export scanType=${OPTARG}
@@ -32,6 +32,9 @@ while getopts "a:b:c:d:e:f:g:h:i:j:" o; do
 j)
 export scanRef=${OPTARG}
 ;;
+ k)
+ export skipDirs=${OPTARG}
+ ;;
 esac
 done
@@ -64,6 +67,9 @@ fi
 if [ $output ];then
 ARGS="$ARGS --output $output"
 fi
+if [ $skipDirs ];then
+ ARGS="$ARGS --skip-dirs $skipDirs"
+fi
 echo "Running trivy with options: " --no-progress "${ARGS}" "${artifactRef}"
 trivy ${scanType} --no-progress $ARGS ${artifactRef}
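Review bot: The description of the new `skip-dirs` input in action.yaml does not say that the listed paths are left out of the scan results, nor what the entries are resolved against. For an input that narrows what a vulnerability scanner looks at, I would make that explicit, e.g. `description: 'comma separated list of directories to exclude from the scan; findings under these paths are not reported'`. Whether entries are relative to `scan-ref` cannot be determined from this hunk and should be stated by someone who knows. The same wording would fit the README table row added in this commit.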
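Review bot: The added `if [ $skipDirs ]` test and the `--skip-dirs $skipDirs` append in entrypoint.sh expand the workflow input unquoted, and `$ARGS` is split again on the `trivy` line that closes this hunk. A value containing whitespace typically makes `[` fail with a syntax error, so the branch is skipped and the scan runs without the exclusion; a value that still passes the test is split into separate trivy arguments, and glob characters are expanded against the working directory. The unquoted form may be what absorbs the leading space left by the single `'-k …'` argument in action.yaml, so a plain `[ -n "$skipDirs" ]` is probably not equivalent; `if [ -n "${skipDirs//[[:space:]]/}" ]; then` keeps the empty-input behaviour without word splitting. Passing the value as one word needs `ARGS` to become an array and the value to be trimmed, which touches lines outside this hunk. Until then the README row should say that entries with spaces or wildcard characters are not supported.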