-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathaction.yaml
92 lines (79 loc) · 2.25 KB
/
action.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
---
name: "Scality SBOM Action"
description: "Creates an SBOM (Software Bill Of Materials) from your code, and artifacts."
author: "Scality"
branding:
color: blue
icon: shield
inputs:
grype-version:
description: "The version of grype to use"
required: false
syft-version:
description: "The version of syft to use"
required: false
trivy-version:
description: "The version of trivy to use"
required: false
target:
description: "The target to scan"
required: false
default: "./"
format:
description: "The SBOM format to export"
required: false
default: "cyclonedx-json"
output-dir:
description: "A directory to store the SBOM"
required: false
default: "/tmp/sbom"
exclude-mediatypes:
description: "Exclude specific media types from the SBOM"
required: false
name:
description: "The name of the target, if not detected"
required: false
version:
description: "The version of the target, if not detected"
required: false
vuln-report:
description: "Generate vulnerability report"
required: false
default: false
type: boolean
runs:
using: "composite"
steps:
- name: Install Python 3
uses: actions/setup-python@v5
with:
python-version: "3.10"
cache: "pip"
- name: Install python deps
shell: bash
run: |
pip install -r ${{ github.action_path }}/requirements.txt
- name: Install dependencies
shell: bash
run: |
export DEBIAN_FRONTEND=noninteractive && \
sudo apt-get update && \
sudo apt-get install --no-install-recommends -y \
file \
jq \
p7zip-full \
python3-setuptools
- name: Run the scan
shell: bash
env:
GRYPE_VERSION: ${{ inputs.grype-version }}
SYFT_VERSION: ${{ inputs.syft-version }}
TRIVY_VERSION: ${{ inputs.trivy-version }}
TARGET: ${{ inputs.target }}
FORMAT: ${{ inputs.format }}
OUTPUT_DIR: ${{ inputs.output-dir }}
EXCLUDE_MEDIATYPES: ${{ inputs.exclude-mediatypes }}
NAME: ${{ inputs.name }}
VERSION: ${{ inputs.version }}
VULN_REPORT: ${{ inputs.vuln-report }}
run: python3 ${{ github.action_path }}/src/main.py