action.yml
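# https://help.github.com/en/articles/metadata-syntax-for-github-actions
#
# Metadata for a GitHub Action that scans a container image for known
# vulnerabilities. This file only declares the interface (inputs, outputs,
# runtime); input validation and the scan itself happen in the entry point
# named under `runs`, which is not shown here.
name: 'Container Scan'
description: 'Check for vulnerabilities in your container image'
author: 'crazy-max'
branding:
  icon: 'shield'
  color: 'green'

inputs:
  # Defaults to 'latest', so the scanner release in use can change between
  # runs without any change to the calling workflow. Callers who need
  # reproducible results, or who want to control when a new scanner binary
  # enters the pipeline, should set an explicit version (eg. v0.20.0).
  trivy_version:
    description: 'Trivy CLI version (eg. v0.20.0)'
    default: 'latest'
    required: false
  # Scan target given as an image reference. Neither `image` nor `tarball` is
  # marked required, so the metadata alone does not reject a call that sets
  # neither; presumably the entry point enforces this (confirm).
  image:
    description: 'Container image to scan (eg. alpine:3.7)'
    required: false
  # Scan target given as a path to an image tarball (alternative to `image`).
  tarball:
    description: 'Container image tarball path to scan'
    required: false
  # Only needed when a SARIF report is wanted, per the description.
  dockerfile:
    description: 'Dockerfile required to generate a sarif report'
    required: false
  # The description names a default list, but no `default:` key is declared
  # here, so that default is applied by the entry point rather than by the
  # runner.
  severity:
    description: 'Report vulnerabilities of provided level or higher (default: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL)'
    required: false
  # NOTE(review): what happens when the threshold is reached (presumably the
  # step fails) is not stated in this file; confirm before relying on it as a
  # build gate.
  severity_threshold:
    description: 'Defines threshold for severity'
    required: false
  # Action inputs reach the entry point as strings, hence the quoted 'false'.
  annotations:
    description: 'Create GitHub annotations in your workflow for vulnerabilities discovered'
    default: 'false'
    required: false
  # Defaults to the workflow's automatic token, so the action receives a token
  # even when the caller passes none. The token's scope is whatever the
  # calling job's `permissions` block grants; keep that to the minimum the
  # enabled features need. Presumably only used for annotations (confirm).
  github_token:
    description: 'GitHub Token as provided by secrets'
    default: ${{ github.token }}
    required: false

outputs:
  json:
    description: 'JSON format scan result'
  sarif:
    description: 'SARIF format scan result'

runs:
  using: 'node20'
  # The same script is registered as both the main step and the post step, so
  # it is invoked a second time at the end of the job. `dist/index.js` is
  # presumably a bundled build artifact; changes to it should be reviewed
  # against the source it was built from.
  main: 'dist/index.js'
  post: 'dist/index.js'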