From e8dbe610e959cbf6b44f679bbf0a5f16d117c3b9 Mon Sep 17 00:00:00 2001
From: knqyf263 <knqyf263@gmail.com>
Date: Fri, 11 Oct 2024 10:50:03 +0400
Subject: [PATCH] test

https://github.com/aquasecurity/trivy-action/pull/399#issuecomment-2404995222

Signed-off-by: knqyf263 <knqyf263@gmail.com>
---
 .github/workflows/test.yaml                   | 26 +++++++
 .github/workflows/trivy_markdown_template.tpl | 77 +++++++++++++++++++
 2 files changed, 103 insertions(+)
 create mode 100644 .github/workflows/test.yaml
 create mode 100644 .github/workflows/trivy_markdown_template.tpl

diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
new file mode 100644
index 0000000..1057691
--- /dev/null
+++ b/.github/workflows/test.yaml
@@ -0,0 +1,26 @@
+name: Scan image
+on:
+  workflow_dispatch:
+jobs:
+  build-and-push-image:
+    runs-on: ubuntu-latest
+    # These permissions are needed to interact with GitHub's OIDC Token endpoint.
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Vulnerability scan (fixed and non-fixed)
+        uses: aquasecurity/trivy-action@0.25.0
+        env:
+          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
+        with:
+          image-ref: 'alpine:3.20.0'
+          format: 'template'
+          # Manually downloaded the template from the Trivy GitHub repo since it is somehow not found by default
+          template: '@/github/workspace/.github/workflows/trivy_html_template.tpl'
+          output: 'report.html'
+          severity: 'HIGH,CRITICAL'
+          timeout: '12m'
diff --git a/.github/workflows/trivy_markdown_template.tpl b/.github/workflows/trivy_markdown_template.tpl
new file mode 100644
index 0000000..ca3978c
--- /dev/null
+++ b/.github/workflows/trivy_markdown_template.tpl
@@ -0,0 +1,77 @@
+{{- if . }}
+{{- range . }}
+<h3>Target <code>{{ escapeXML .Target }}</code></h3>
+{{- if (and (eq (len .Vulnerabilities) 0) (eq (len .Misconfigurations) 0) (eq (len .Secrets) 0)) }}
+<h4>Nothing found</h4>
+{{- else }} 
+{{- if (gt (len .Vulnerabilities) 0) }}
+<h4>Vulnerabilities ({{ len .Vulnerabilities }})</h4>
+<table>
+    <tr>
+        <th>Package</th>
+        <th>ID</th>
+        <th>Severity</th>
+        <th>Installed Version</th>
+        <th>Fixed Version</th>
+    </tr>
+    {{- range .Vulnerabilities }}
+    <tr>
+        <td><code>{{ escapeXML .PkgName }}</code></td>
+        <td>{{ escapeXML .VulnerabilityID }}</td>
+        <td>{{ escapeXML .Severity }}</td>
+        <td>{{ escapeXML .InstalledVersion }}</td>
+        <td>{{ escapeXML .FixedVersion }}</td>
+    </tr>
+    {{- end }}
+</table>
+{{- end }}
+{{- if (gt (len .Misconfigurations ) 0) }}
+<h4>Misconfigurations ({{ len .Misconfigurations }})</h4>
+<table>
+    <tr>
+        <th>Type</th>
+        <th>ID</th>
+        <th>Check</th>
+        <th>Severity</th>
+        <th>Message</th>
+    </tr>
+    {{- range .Misconfigurations }}
+    <tr>
+        <td>{{ escapeXML .Type }}</td>
+        <td>{{ escapeXML .ID }}</td>
+        <td>{{ escapeXML .Title }}</td>
+        <td>{{ escapeXML .Severity }}</td>
+        <td>
+          {{ escapeXML .Message }}
+          <br><a href={{ escapeXML .PrimaryURL | printf "%q" }}>{{ escapeXML .PrimaryURL }}</a></br>
+        </td>
+    </tr>
+    {{- end }}
+</table>
+{{- end }}
+{{- if (gt (len .Secrets ) 0) }}
+<h4>Secrets ({{ len .Secrets }})</h4>
+<table>
+    <tr>
+        <th>Type</th>
+        <th>ID</th>
+        <th>Severity</th>
+        <th>Lines</th>
+        <th>Match</th>
+    </tr>
+    {{- range .Secrets }}
+    <tr>
+        <td>{{ escapeXML (toString .Category) }}</td>
+        <td>{{ escapeXML .RuleID }}</td>
+        <td>{{ escapeXML .Severity }}</td>
+        <td>{{ escapeXML (toString .StartLine) }}-{{ escapeXML (toString .EndLine) }}</td>
+        <td>{{ escapeXML .Match }}</td>
+    </tr>
+    {{- end }}
+</table>
+{{- end }}
+{{- end }}
+{{- end }}
+{{- else }}
+<h3>Trivy Returned Empty Report</h3>
+{{- end }}