Test Vulnerability Thresholds #75
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test Vulnerability Thresholds | |
| # This workflow tests that the action successfully | |
| # sets the vulnerability threshold exceeded flag. | |
| on: | |
| schedule: | |
| - cron: '0 */6 * * *' # runs every 6 hours | |
| push: | |
| branches: # | |
| - '*' | |
| jobs: | |
| build: | |
| name: Build docker image | |
| runs-on: ubuntu-latest | |
| environment: | |
| name: plugin-development | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: ${{ secrets.AWS_REGION }} | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| - name: Scan artifact with Inspector | |
| uses: ./ # Uses an action in the root directory | |
| id: inspector | |
| with: | |
| artifact_type: 'archive' | |
| artifact_path: 'entrypoint/tests/test_data/artifacts/archives/testData.zip' | |
| output_sbom_path: 'sbom.json' | |
| output_inspector_scan_path: 'inspector_scan.json' | |
| output_inspector_scan_path_csv: 'inspector_scan.csv' | |
| critical_threshold: 1 | |
| high_threshold: 1 | |
| medium_threshold: 1 | |
| low_threshold: 1 | |
| other_threshold: 1 | |
| - name: Fail if vulnerability threshold is exceeded | |
| run: if [[ ${{ steps.inspector.outputs.vulnerability_threshold_exceeded }} != "1" ]]; then echo "test failed"; else echo "test passed"; fi | |
| # TODO: handle failure case |