diff --git a/README.md b/README.md index 6e4b551..32f5ce8 100644 --- a/README.md +++ b/README.md @@ -681,6 +681,7 @@ Following inputs can be used as `step.with` keys: | `limit-severities-for-sarif` | Boolean | false | By default *SARIF* format enforces output of all vulnerabilities regardless of configured severities. To override this behavior set this parameter to **true** | | `docker-host` | String | | By default it is set to `unix://var/run/docker.sock`, but can be updated to help with containerized infrastructure values | | `version` | String | `v0.56.1` | Trivy version to use, e.g. `latest` or `v0.56.1` | +| `skip-setup` | Boolean | false | Whether to skip installing the `trivy` binary, if you are installing it via your own means, or are calling this action multiple times in a workflow then you may wish to set this to true on subsequent calls. | ### Environment variables You can use [Trivy environment variables][trivy-env] to set the necessary options (including flags that are not supported by [Inputs](#inputs), such as `--secret-config`). diff --git a/action.yaml b/action.yaml index 12c9b59..f3d06b0 100644 --- a/action.yaml +++ b/action.yaml @@ -103,11 +103,18 @@ inputs: description: 'Used to specify whether caching is needed. Set to false, if you would like to disable caching.' required: false default: 'true' + skip-setup: + description: | + Used to disable installing the trivy binary. Set to true if you have already installed the binary by other means, + or are invoking this action multiple times in your workflow and want to avoid repeatedly installing it. + required: false + default: 'false' runs: using: 'composite' steps: - name: Install Trivy + if: ${{ inputs.skip-setup == 'false' }} uses: aquasecurity/setup-trivy@v0.1.0 with: version: ${{ inputs.version }}