Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Make 'hide-progress' input working again #323

Merged
merged 2 commits into from
Mar 29, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 5 additions & 5 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -115,7 +115,7 @@ jobs:
run: |
docker pull <your-docker-image>
docker save -o vuln-image.tar <your-docker-image>

- name: Run Trivy vulnerability scanner in tarball mode
uses: aquasecurity/trivy-action@master
with:
Expand Down Expand Up @@ -287,7 +287,7 @@ jobs:
uses: aquasecurity/trivy-action@master
with:
scan-type: 'config'
hide-progress: false
hide-progress: true
format: 'sarif'
output: 'trivy-results.sarif'
exit-code: '1'
Expand All @@ -303,7 +303,7 @@ jobs:
### Using Trivy to generate SBOM
It's possible for Trivy to generate an [SBOM](https://www.aquasec.com/cloud-native-academy/supply-chain-security/sbom/) of your dependencies and submit them to a consumer like [GitHub Dependency Graph](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph).

The [sending of an SBOM to GitHub](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api) feature is only available if you currently have GitHub Dependency Graph [enabled in your repo](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-the-dependency-graph#enabling-and-disabling-the-dependency-graph-for-a-private-repository).
The [sending of an SBOM to GitHub](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api) feature is only available if you currently have GitHub Dependency Graph [enabled in your repo](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-the-dependency-graph#enabling-and-disabling-the-dependency-graph-for-a-private-repository).

In order to send results to GitHub Dependency Graph, you will need to create a [GitHub PAT](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token) or use the [GitHub installation access token](https://docs.github.com/en/actions/security-guides/automatic-token-authentication) (also known as `GITHUB_TOKEN`):

Expand Down Expand Up @@ -554,7 +554,7 @@ Following inputs can be used as `step.with` keys:
| `cache-dir` | String | | Cache directory |
| `timeout` | String | `5m0s` | Scan timeout duration |
| `ignore-policy` | String | | Filter vulnerabilities with OPA rego language |
| `hide-progress` | String | `true` | Suppress progress bar |
| `hide-progress` | String | `false` | Suppress progress bar and log output |
| `list-all-pkgs` | String | | Output all packages regardless of vulnerability |
| `scanners` | String | `vuln,secret` | comma-separated list of what security issues to detect (`vuln`,`secret`,`config`) |
| `trivyignores` | String | | comma-separated list of relative paths in repository to one or more `.trivyignore` files |
Expand All @@ -575,4 +575,4 @@ When using the `trivy-config` [Input](#inputs), you can set options using the [T
[license]: https://github.com/aquasecurity/trivy-action/blob/master/LICENSE
[license-img]: https://img.shields.io/github/license/aquasecurity/trivy-action
[trivy-env]: https://aquasecurity.github.io/trivy/latest/docs/configuration/#environment-variables
[trivy-config]: https://aquasecurity.github.io/trivy/latest/docs/references/configuration/config-file/
[trivy-config]: https://aquasecurity.github.io/trivy/latest/docs/references/configuration/config-file/
3 changes: 1 addition & 2 deletions action.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -65,7 +65,7 @@ inputs:
required: false
default: ''
hide-progress:
description: 'hide progress output'
description: 'suppress progress bar and log output'
required: false
list-all-pkgs:
description: 'output all packages regardless of vulnerability'
Expand Down Expand Up @@ -123,4 +123,3 @@ runs:
- '-v ${{ inputs.trivy-config }}'
- '-x ${{ inputs.tf-vars }}'
- '-z ${{ inputs.limit-severities-for-sarif }}'

6 changes: 3 additions & 3 deletions entrypoint.sh
Original file line number Diff line number Diff line change
Expand Up @@ -137,7 +137,7 @@ if [ $skipDirs ];then
fi
if [ $tfVars ] && [ "$scanType" == "config" ];then
ARGS="$ARGS --tf-vars $tfVars"
fi
fi

if [ $trivyIgnores ];then
for f in $(echo $trivyIgnores | tr "," "\n")
Expand All @@ -162,8 +162,8 @@ if [ $ignorePolicy ];then
SARIF_ARGS="$SARIF_ARGS --ignore-policy $ignorePolicy"
fi
if [ "$hideProgress" == "true" ];then
ARGS="$ARGS --no-progress"
SARIF_ARGS="$SARIF_ARGS --no-progress"
ARGS="$ARGS --quiet"
SARIF_ARGS="$SARIF_ARGS --quiet"
fi

listAllPkgs=$(echo $listAllPkgs | tr -d '\r')
Expand Down
Loading