diff --git a/README.md b/README.md index 5681401..340b5e0 100644 --- a/README.md +++ b/README.md @@ -852,6 +852,7 @@ Following inputs can be used as `step.with` keys: | `docker-host` | String | | By default it is set to `unix://var/run/docker.sock`, but can be updated to help with containerized infrastructure values | | `version` | String | `v0.56.2` | Trivy version to use, e.g. `latest` or `v0.56.2` | | `skip-setup-trivy` | Boolean | false | Skip calling the `setup-trivy` action to install `trivy` | +| `include-dev-deps` | Boolean | false | Include development dependencies in the report (supported: `npm`, `yarn`) | | `token-setup-trivy` | Boolean | | Overwrite `github.token` used by `setup-trivy` to checkout the `trivy` repository | ### Environment variables diff --git a/action.yaml b/action.yaml index b42ab4d..c63ebf2 100644 --- a/action.yaml +++ b/action.yaml @@ -107,6 +107,10 @@ inputs: description: 'skip calling the setup-trivy action to install trivy' required: false default: 'false' + include-dev-deps: + description: 'include development dependencies in the report (supported: npm, yarn)' + required: false + default: 'false' token-setup-trivy: description: > `token-setup-trivy` is required when `github.token` in invalid for `https://github.com` server. @@ -185,6 +189,7 @@ runs: set_env_var_if_provided "TRIVY_CONFIG" "${{ inputs.trivy-config }}" "" set_env_var_if_provided "TRIVY_TF_VARS" "${{ inputs.tf-vars }}" "" set_env_var_if_provided "TRIVY_DOCKER_HOST" "${{ inputs.docker-host }}" "" + set_env_var_if_provided "TRIVY_INCLUDE_DEV_DEPS" "${{ inputs.include-dev-deps }}" "" - name: Run Trivy shell: bash