Skip to content

Commit

Permalink
Make 'hide-progress' input working again (#323)
Browse files Browse the repository at this point in the history
* Make hide-progress input working again

* Unify 'hide-progress' default value
  • Loading branch information
uridium authored Mar 29, 2024
1 parent d710430 commit f72b7e8
Show file tree
Hide file tree
Showing 3 changed files with 9 additions and 10 deletions.
10 changes: 5 additions & 5 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -115,7 +115,7 @@ jobs:
run: |
docker pull <your-docker-image>
docker save -o vuln-image.tar <your-docker-image>
- name: Run Trivy vulnerability scanner in tarball mode
uses: aquasecurity/trivy-action@master
with:
Expand Down Expand Up @@ -287,7 +287,7 @@ jobs:
uses: aquasecurity/trivy-action@master
with:
scan-type: 'config'
hide-progress: false
hide-progress: true
format: 'sarif'
output: 'trivy-results.sarif'
exit-code: '1'
Expand All @@ -303,7 +303,7 @@ jobs:
### Using Trivy to generate SBOM
It's possible for Trivy to generate an [SBOM](https://www.aquasec.com/cloud-native-academy/supply-chain-security/sbom/) of your dependencies and submit them to a consumer like [GitHub Dependency Graph](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph).

The [sending of an SBOM to GitHub](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api) feature is only available if you currently have GitHub Dependency Graph [enabled in your repo](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-the-dependency-graph#enabling-and-disabling-the-dependency-graph-for-a-private-repository).
The [sending of an SBOM to GitHub](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api) feature is only available if you currently have GitHub Dependency Graph [enabled in your repo](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-the-dependency-graph#enabling-and-disabling-the-dependency-graph-for-a-private-repository).

In order to send results to GitHub Dependency Graph, you will need to create a [GitHub PAT](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token) or use the [GitHub installation access token](https://docs.github.com/en/actions/security-guides/automatic-token-authentication) (also known as `GITHUB_TOKEN`):

Expand Down Expand Up @@ -554,7 +554,7 @@ Following inputs can be used as `step.with` keys:
| `cache-dir` | String | | Cache directory |
| `timeout` | String | `5m0s` | Scan timeout duration |
| `ignore-policy` | String | | Filter vulnerabilities with OPA rego language |
| `hide-progress` | String | `true` | Suppress progress bar |
| `hide-progress` | String | `false` | Suppress progress bar and log output |
| `list-all-pkgs` | String | | Output all packages regardless of vulnerability |
| `scanners` | String | `vuln,secret` | comma-separated list of what security issues to detect (`vuln`,`secret`,`config`) |
| `trivyignores` | String | | comma-separated list of relative paths in repository to one or more `.trivyignore` files |
Expand All @@ -575,4 +575,4 @@ When using the `trivy-config` [Input](#inputs), you can set options using the [T
[license]: https://github.com/aquasecurity/trivy-action/blob/master/LICENSE
[license-img]: https://img.shields.io/github/license/aquasecurity/trivy-action
[trivy-env]: https://aquasecurity.github.io/trivy/latest/docs/configuration/#environment-variables
[trivy-config]: https://aquasecurity.github.io/trivy/latest/docs/references/configuration/config-file/
[trivy-config]: https://aquasecurity.github.io/trivy/latest/docs/references/configuration/config-file/
3 changes: 1 addition & 2 deletions action.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -65,7 +65,7 @@ inputs:
required: false
default: ''
hide-progress:
description: 'hide progress output'
description: 'suppress progress bar and log output'
required: false
list-all-pkgs:
description: 'output all packages regardless of vulnerability'
Expand Down Expand Up @@ -123,4 +123,3 @@ runs:
- '-v ${{ inputs.trivy-config }}'
- '-x ${{ inputs.tf-vars }}'
- '-z ${{ inputs.limit-severities-for-sarif }}'

6 changes: 3 additions & 3 deletions entrypoint.sh
Original file line number Diff line number Diff line change
Expand Up @@ -137,7 +137,7 @@ if [ $skipDirs ];then
fi
if [ $tfVars ] && [ "$scanType" == "config" ];then
ARGS="$ARGS --tf-vars $tfVars"
fi
fi

if [ $trivyIgnores ];then
for f in $(echo $trivyIgnores | tr "," "\n")
Expand All @@ -162,8 +162,8 @@ if [ $ignorePolicy ];then
SARIF_ARGS="$SARIF_ARGS --ignore-policy $ignorePolicy"
fi
if [ "$hideProgress" == "true" ];then
ARGS="$ARGS --no-progress"
SARIF_ARGS="$SARIF_ARGS --no-progress"
ARGS="$ARGS --quiet"
SARIF_ARGS="$SARIF_ARGS --quiet"
fi

listAllPkgs=$(echo $listAllPkgs | tr -d '\r')
Expand Down

0 comments on commit f72b7e8

Please sign in to comment.