
SEC-3351: Refactor action.yaml in container-scan #49

Open · wants to merge 5 commits into base: main

Conversation

bilals12

@bilals12 bilals12 commented Dec 17, 2024

Description

Fixes #SEC-3351

Security Scan Action Refactor

This PR streamlines the container scan action as part of our security scanning architecture improvements. The changes are designed to:

Architectural Changes

  • Separate core scanning functionality from reporting/feedback mechanisms
  • Move PR commenting and reporting logic to the reusable workflow layer
  • Provide cleaner outputs for downstream consumption

Key Benefits

  • Clearer separation of concerns between scanning and reporting
  • More maintainable action structure
  • Better integration with our upcoming reusable workflow

Implementation Details

  • Focus action solely on container scanning with Lacework
  • Structured outputs for scan results
  • Maintain Docker build integration
  • Remove redundant configuration

Migration Path

For teams currently using this action directly:

  1. Continue using the current version (@v1)
  2. Plan to migrate to the reusable workflow when available
  3. New version (@v2) will be released after this PR

Changes

  • feat(security): streamline container scan action

🚀 PR created with fotingo

- Remove PR commenting and reporting logic
- Focus action on core scanning functionality
- Add structured outputs for scan results
- Maintain existing Docker build integration
- Clean up redundant inputs

Breaking changes:
- Removed github-token input
- Changed outputs structure
- Removed PR comment handling
@bilals12 bilals12 requested a review from a team as a code owner December 17, 2024 16:01
Contributor

@tagoro9 tagoro9 left a comment


Could you add to the pull request description more details about your intention with this PR?

Review comment on container-scan/action.yaml (resolved)
Contributor

@gopkri24 gopkri24 left a comment


Could you also post a screenshot of where these changes are tested?

Review comment on container-scan/action.yaml (outdated, resolved)
@bilals12 bilals12 self-assigned this Dec 17, 2024
- Add checkout step to ensure proper file access
- Enable docker build to find configuration files
- Support correct Dockerfile path resolution
- Fix action file resolution

SEC-3351
- Add DockerHub credentials to container scan action inputs
- Pass credentials from reusable workflow to container scan
- Fix credentials chain from workflow to Docker build
- Remove redundant build args setup

SEC-3351

Release notes preview

Below is a preview of the release notes if your PR gets merged.


3.1.0 (2024-12-19)

Features

  • security: streamline container scan action (89364f0)

Bug Fixes

  • security: add missing Docker credentials to container scan action (70e5b15)
  • security: add repository checkout to container scan action (e3e3f51)
  • restoring docker secrets to help prevent image build failures in private repos (a8f224c)

Miscellaneous

  • deps: update open-turo/actions-security action to v3 (256a6bc)
