From 37edabbecaa3535151fd9cc4f4a1f6f34483ae85 Mon Sep 17 00:00:00 2001
From: Patrik Hajnal
Date: Thu, 24 Oct 2024 11:23:15 +0200
Subject: [PATCH 1/2] feat: add include-dev-deps parameter option
---
 action.yaml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/action.yaml b/action.yaml
index aad6fdd..aa422b4 100644
--- a/action.yaml
+++ b/action.yaml
@@ -107,6 +107,10 @@ inputs:
 description: 'skip calling the setup-trivy action to install trivy'
 required: false
 default: 'false'
+ include-dev-deps:
+ description: 'include development dependencies in the report (supported: npm, yarn)'
+ required: false
+ default: 'false'
 runs:
 using: 'composite'
@@ -175,6 +179,7 @@ runs:
 set_env_var_if_provided "TRIVY_CONFIG" "${{ inputs.trivy-config }}" ""
 set_env_var_if_provided "TRIVY_TF_VARS" "${{ inputs.tf-vars }}" ""
 set_env_var_if_provided "TRIVY_DOCKER_HOST" "${{ inputs.docker-host }}" ""
+ set_env_var_if_provided "TRIVY_INCLUDE_DEV_DEPS" "${{ inputs.include-dev-deps }}" ""
 - name: Run Trivy
 shell: bash
From aa1b4ed6197a3d6f1ee37f029433f5d8eb135e6c Mon Sep 17 00:00:00 2001
From: Patrik Hajnal
Date: Thu, 24 Oct 2024 11:24:39 +0200
Subject: [PATCH 2/2] docs: extend inputs with include-dev-deps
---
 README.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index 128f95d..48b8bab 100644
--- a/README.md
+++ b/README.md
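Review bot: The new input declares `default: 'false'`, while the call added in the second hunk passes `""` as the third argument to `set_env_var_if_provided`. The helper's body is outside these hunks, but if that argument is the default an input is compared against, `TRIVY_INCLUDE_DEV_DEPS=false` would be exported on every run. In that case a value set through a Trivy config file or through the Trivy environment variables the README points to could be overridden, silently leaving development dependencies out of the scan. Passing the declared default would keep the two in step: `set_env_var_if_provided "TRIVY_INCLUDE_DEV_DEPS" "${{ inputs.include-dev-deps }}" "false"`.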
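Review bot: `${{ inputs.include-dev-deps }}` on the added line is expanded into the script text before bash parses it, so a value containing shell metacharacters is interpreted by the shell instead of being passed as data. The neighbouring calls use the same pattern, so this is inherited rather than introduced, but a new input is a cheap place to start routing values through the step environment: add `INPUT_INCLUDE_DEV_DEPS: ${{ inputs.include-dev-deps }}` under the step's `env:` and call `set_env_var_if_provided "TRIVY_INCLUDE_DEV_DEPS" "$INPUT_INCLUDE_DEV_DEPS" ""`. The step header and the helper are outside the hunk, so whether an `env:` block already exists there is not visible. Since the input is documented as Boolean, rejecting anything other than `true` or `false` before exporting would also be reasonable.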
@@ -777,6 +777,7 @@ Following inputs can be used as `step.with` keys:
 | `docker-host` | String | | By default it is set to `unix://var/run/docker.sock`, but can be updated to help with containerized infrastructure values |
 | `version` | String | `v0.56.1` | Trivy version to use, e.g. `latest` or `v0.56.1` |
 | `skip-setup-trivy` | Boolean | false | Skip calling the `setup-trivy` action to install `trivy` |
+| `include-dev-deps` | Boolean | false | Include development dependencies in the report (supported: `npm`, `yarn`) |
 ### Environment variables
 You can use [Trivy environment variables][trivy-env] to set the necessary options (including flags that are not supported by [Inputs](#inputs), such as `--secret-config`).