
feat: Enhance action.yaml with additional outputs for downstream integration #36

Open
wants to merge 1 commit into
base: main
from

Conversation

bilals12

new outputs:

  • image-name: outputs Docker image name after scanning.
  • image-tag: outputs Docker image tag after scanning.
  • scan-results: path to scan results file.

this will (hopefully) also allow downstream processes to consume these scan results programmatically.

some additional context:
these changes support integrating this GHA with external tools, such as the TypeScript program that will be in it-security-tooling/security-engineering, to fetch Lacework scan results and then report them to New Relic.

@bilals12 bilals12 self-assigned this Nov 22, 2024
@bilals12 bilals12 requested a review from a team as a code owner November 22, 2024 14:58
@bilals12 bilals12 force-pushed the c/updating-container-scan-action branch from 8716afd to 2eacad8 November 22, 2024 16:19
Contributor

@tagoro9 tagoro9 left a comment


Just the removal of the comment logic

container-scan/action.yaml (review thread, outdated, resolved)
container-scan/action.yaml (review thread, outdated, resolved)
container-scan/action.yaml (review thread, resolved)
@bilals12 bilals12 force-pushed the c/updating-container-scan-action branch from 2eacad8 to fe28659 November 22, 2024 17:24
@bilals12 bilals12 enabled auto-merge (rebase) November 28, 2024 17:44
@bilals12 bilals12 force-pushed the c/updating-container-scan-action branch from e720887 to 392484f December 9, 2024 20:46
Contributor

@prathamesh16c prathamesh16c left a comment


Also, can we add an example dir which outlines an example of using this action in a consuming repo? We can add two examples - one with NR reporting and the other without (basic scanning of container image using Lacework).

@bilals12 bilals12 force-pushed the c/updating-container-scan-action branch 2 times, most recently from 6e0e637 to b4fd165 December 10, 2024 19:12
@bilals12 bilals12 requested a review from a team December 10, 2024 20:05
- adds test workflow for scanning containers
- formats scan results for New Relic integration
- includes debug mode and configurable inputs
- preserves results as workflow artifacts

feat: update action.yaml for additional outputs (image-name, image-tag) for downstream processing

chore: remove scan-output-test.yaml from branch

fix: resolve set-output and input issues in container-scan action

fix: resolving errors

fix: align outputs and cleanup references in container scan action

fix: add required inputs for container scan

Added input definitions for:
- lw-account-name
- lw-access-token
- github-token
- build-args

Pass build-args to docker-build action

feat(action): add JSON output format support

- Add output-format parameter to control scan results format
- Pass format parameter to Lacework scanner
- Default to JSON for better parsing

fix(scan): disable verbose output for JSON format

- Add scanner flag to output clean JSON
- Enable proper parsing of scan results

fix(scan): use correct JSON output flag for Lacework scanner

- Add -j=true flag to force JSON output format
- Remove output-format parameter

fix(scan): use correct parameter name for JSON output

- Replace SCANNER_FLAGS with ADDITIONAL_PARAMETERS
- Maintain -j=true flag for JSON format

feat: add optional skip-checkout input to container-scan action

fix(ci): restore PR commenting and result formatting in security scan action

- Added steps to check and delete previous PR comments to ensure clean re-runs.
- Restored PR commenting functionality with formatted Lacework scan results.
- Improved validation of  to prevent runtime errors.
- Ensured Docker images are properly cleaned up after the scan process.

This change addresses feedback regarding missing PR comments and maintains the expected behavior of the workflow.

fix(ci): restored ADDITIONAL_PARAMETERS to enable JSON output.

fix: add missing shell property to container scan action

fix: add winterjung/comment@v1, type: delete

feat(security): enable table output for container scan results

- Add RESULTS_IN_GITHUB_SUMMARY and PRETTY_OUTPUT flags to Lacework scanner config
- Maintain JSON output for New Relic metrics integration
- Improve scan result readability in PR comments

The scanner will now display results in both table format for GitHub and JSON for metrics reporting.

feat(security): enable table output for scan results while preserving JSON for metrics

Set PRETTY_OUTPUT and RESULTS_IN_GITHUB_SUMMARY to true while maintaining JSON output for New Relic integration using --save-results flag

feat(security): parse JSON scan results into markdown table

Keep JSON output for New Relic integration while adding JQ-based parsing to generate readable table format for PR comments

feat(security): parse JSON scan results into markdown table

Keep JSON output for New Relic integration while adding JQ-based parsing to generate readable table format for PR comments

fix(ci): recreating pretty table

feat(security): add formatted Lacework vulnerability report for PR comments

- Parse Lacework JSON scan results into a readable markdown table.
- Generate a summary table with severity counts and detailed vulnerabilities.
- Add support for posting formatted results as PR comments.
- Ensure compatibility with consuming workflows.

fix(ci): revert to JSON results, table format failing
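The commit message above describes turning the scanner's JSON results into a markdown summary with severity counts and exposing image-name, image-tag and scan-results as step outputs. The following is an added example illustrating that flow; it is not the action's or Lacework's own code, and the JSON field names (image, vulnerabilities, severity, package, fix) are a constructed stand-in for whatever schema the real scanner emits.

```python
import json
from collections import Counter
from pathlib import Path

SEVERITY_ORDER = ["Critical", "High", "Medium", "Low", "Info"]

# Constructed sample scan result; field names are an assumption, not the
# Lacework scanner's real schema. IDs are placeholders, not real CVEs.
SAMPLE_SCAN = {
    "image": {"name": "registry.example/app", "tag": "1.2.3"},
    "vulnerabilities": [
        {"id": "VULN-EXAMPLE-1", "severity": "High", "package": "libfoo", "fix": "2.0.1"},
        {"id": "VULN-EXAMPLE-2", "severity": "Critical", "package": "libbar", "fix": ""},
        {"id": "VULN-EXAMPLE-3", "severity": "high", "package": "libbaz", "fix": "1.4.0"},
    ],
}

def load_scan(path):
    """Read the scan-results file the action points downstream consumers at."""
    return json.loads(Path(path).read_text(encoding="utf-8"))

def _rank(sev):
    # Normalise case so "high" and "High" count together; unknown labels sort last.
    sev = sev.capitalize()
    return SEVERITY_ORDER.index(sev) if sev in SEVERITY_ORDER else len(SEVERITY_ORDER)

def _cell(value):
    # Escape pipes so a package name cannot break the markdown table layout.
    return str(value).replace("|", "\\|")

def severity_counts(scan):
    """Findings per severity, worst first; missing/unknown labels become 'Unknown'."""
    counts = Counter(v.get("severity", "").capitalize() or "Unknown" for v in scan["vulnerabilities"])
    return dict(sorted(counts.items(), key=lambda kv: _rank(kv[0])))

def render_markdown(scan):
    """Summary table followed by the detailed findings, sorted by severity."""
    lines = ["| Severity | Count |", "|---|---|"]
    lines += [f"| {s} | {n} |" for s, n in severity_counts(scan).items()]
    lines += ["", "| ID | Severity | Package | Fixed in |", "|---|---|---|---|"]
    for v in sorted(scan["vulnerabilities"], key=lambda v: _rank(v.get("severity", ""))):
        lines.append(f"| {_cell(v['id'])} | {_cell(v['severity'].capitalize())} | "
                     f"{_cell(v['package'])} | {_cell(v.get('fix') or 'none')} |")
    return "\n".join(lines)

def write_step_outputs(scan, results_path, output_file):
    """Append name=value lines in the $GITHUB_OUTPUT format that replaced set-output."""
    outputs = {"image-name": scan["image"]["name"], "image-tag": scan["image"]["tag"],
               "scan-results": str(results_path)}
    for key, value in outputs.items():
        if "\n" in value:  # single-line values only; multi-line needs the heredoc syntax
            raise ValueError(f"output {key} must be single-line")
    with open(output_file, "a", encoding="utf-8") as fh:
        fh.writelines(f"{k}={v}\n" for k, v in outputs.items())
    return outputs
```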
@bilals12 bilals12 force-pushed the c/updating-container-scan-action branch from 09b55cc to a9dccbb December 11, 2024 17:09

Release notes preview

No new release will be created.

If you are expecting a release, you will need to either fix a bug or add a feature.
Chores, CI, docs, refactoring, style and other changes will not trigger a release.

Contributor

@tagoro9 tagoro9 left a comment


There is something odd in the PR. The title says feat but the only commit says test. This is not going to create a new release of the action.

You are doing some refactoring in the same commit, making the review a bit harder. It would be nice to split things into separate commits.


3 participants