From 74d9247d12e4e2734371afcb3708911ccc40cfbf Mon Sep 17 00:00:00 2001 From: Surj Bains Date: Mon, 1 Apr 2024 13:38:16 +0100 Subject: [PATCH 1/3] feat: include server for self hosted --- README.md | 1 + entrypoint.sh | 9 ++++++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 0d971f6..ccb03df 100644 --- a/README.md +++ b/README.md @@ -540,6 +540,7 @@ Following inputs can be used as `step.with` keys: | `scan-type` | String | `image` | Scan type, e.g. `image` or `fs` | | `input` | String | | Tar reference, e.g. `alpine-latest.tar` | | `image-ref` | String | | Image reference, e.g. `alpine:3.10.2` | +| `server` | String | | server host, e.g. `https://scan.example.com` | | `scan-ref` | String | `/github/workspace/` | Scan reference, e.g. `/github/workspace/` or `.` | | `format` | String | `table` | Output format (`table`, `json`, `sarif`, `github`) | | `template` | String | | Output template (`@/contrib/gitlab.tpl`, `@/contrib/junit.tpl`) | diff --git a/entrypoint.sh b/entrypoint.sh index e6306f1..8595c06 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -1,6 +1,6 @@ #!/bin/bash set -e -while getopts "a:b:c:d:e:f:g:h:i:j:k:l:m:n:o:p:q:r:s:t:u:v:x:z:" o; do +while getopts "a:b:c:d:e:f:g:h:i:j:k:l:m:n:o:p:q:r:s:t:u:v:x:y:z:" o; do case "${o}" in a) export scanType=${OPTARG} @@ -71,6 +71,9 @@ while getopts "a:b:c:d:e:f:g:h:i:j:k:l:m:n:o:p:q:r:s:t:u:v:x:z:" o; do x) export tfVars=${OPTARG} ;; + y) + export server=${OPTARG} + ;; z) export limitSeveritiesForSARIF=${OPTARG} ;; @@ -97,6 +100,10 @@ if [ $cacheDir ];then GLOBAL_ARGS="$GLOBAL_ARGS --cache-dir $cacheDir" fi +if [ $server ] ;then + ARGS="$ARGS --server $server" +fi + SARIF_ARGS="" ARGS="" format=$(echo $format | xargs) From 7f3d1ae554849d2d684e5256d3857a7b0fccf702 Mon Sep 17 00:00:00 2001 From: Surj Bains Date: Mon, 1 Apr 2024 14:13:10 +0100 Subject: [PATCH 2/3] feat: trivy client with server endpoint --- action.yaml | 4 ++++ 1 file changed, 4 insertions(+) 
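Review bot: In the `@@ -97,6 +100,10 @@` hunk of entrypoint.sh, `$server` is tested and appended to `ARGS` unquoted and unvalidated, so a value containing whitespace is split into extra words; assuming `ARGS` is later expanded unquoted on the trivy command line (not visible here), those words become additional trivy flags. Quoting alone would likely keep the leading space that `'-y ${{ inputs.server }}'` in action.yaml leaves in `OPTARG`, so trim first as the script already does for `format`, then reject anything that is not a single word: `server=$(echo $server | xargs)` followed by `case "$server" in *[[:space:]]*) echo "invalid server" >&2; exit 1;; esac`. The same block is re-added unchanged by the last entrypoint.sh hunk of PATCH 3/3, so the check belongs there too.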
diff --git a/action.yaml b/action.yaml index 02bcd34..eaeb9eb 100644 --- a/action.yaml +++ b/action.yaml @@ -91,6 +91,9 @@ inputs: tf-vars: description: "path to terraform tfvars file" required: false + server: + description: "server host" + required: false limit-severities-for-sarif: description: 'limit severities for SARIF format' required: false @@ -122,4 +125,5 @@ runs: - '-u ${{ inputs.github-pat }}' - '-v ${{ inputs.trivy-config }}' - '-x ${{ inputs.tf-vars }}' + - '-y ${{ inputs.server }}' - '-z ${{ inputs.limit-severities-for-sarif }}' From e28188fdd536705be846d31252d76ab37c554133 Mon Sep 17 00:00:00 2001 From: Surj Bains Date: Mon, 1 Apr 2024 16:41:58 +0100 Subject: [PATCH 3/3] fix: ensure ARGS are updated --- entrypoint.sh | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index 2788704..212cf3b 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -100,10 +100,6 @@ if [ $cacheDir ];then GLOBAL_ARGS="$GLOBAL_ARGS --cache-dir $cacheDir" fi -if [ $server ] ;then - ARGS="$ARGS --server $server" -fi - SARIF_ARGS="" ARGS="" format=$(echo $format | xargs) @@ -144,7 +140,7 @@ if [ $skipDirs ];then fi if [ $tfVars ] && [ "$scanType" == "config" ];then ARGS="$ARGS --tf-vars $tfVars" -fi +fi if [ $trivyIgnores ];then for f in $(echo $trivyIgnores | tr "," "\n") @@ -169,14 +165,19 @@ if [ $ignorePolicy ];then SARIF_ARGS="$SARIF_ARGS --ignore-policy $ignorePolicy" fi if [ "$hideProgress" == "true" ];then - ARGS="$ARGS --quiet" - SARIF_ARGS="$SARIF_ARGS --quiet" + ARGS="$ARGS --no-progress" + SARIF_ARGS="$SARIF_ARGS --no-progress" fi listAllPkgs=$(echo $listAllPkgs | tr -d '\r') if [ "$listAllPkgs" == "true" ];then ARGS="$ARGS --list-all-pkgs" fi + +if [ $server ] ;then + ARGS="$ARGS --server $server" +fi + if [ "$skipFiles" ];then for i in $(echo $skipFiles | tr "," "\n") do
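Review bot: The new `server` input in action.yaml has no documented way to authenticate to that server, so as added the action either targets a Trivy server that accepts unauthenticated requests or leaves callers to work out how to supply a token. Trivy's client mode accepts `--token` and `--token-header`; rather than adding the token as another `-<letter>` argument, I would document setting `TRIVY_TOKEN` from a secret through the step's `env:`, which keeps it out of the argument list. The description `"server host"` would also be clearer as `"Trivy server URL for client/server mode, e.g. https://scan.example.com; scan requests are sent to this host"`.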
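Review bot: In the `@@ -169,14 +165,19 @@` hunk of PATCH 3/3, the switch from `--quiet` to `--no-progress` in the `hideProgress` branch is a behaviour change unrelated to the `--server` ordering fix the subject describes. `--quiet` also suppresses Trivy's log output while `--no-progress` only hides the progress bar, so workflows that enable `hideProgress` will start printing log lines. It is also worth confirming that `--no-progress` is accepted for every `scanType` the action supports (for example `config`). I would move this to its own commit with a README note, or keep `ARGS="$ARGS --quiet"` and `SARIF_ARGS="$SARIF_ARGS --quiet"` here.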