-
Notifications
You must be signed in to change notification settings - Fork 9
/
action.yaml
134 lines (132 loc) · 4.24 KB
/
action.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
name: "Orca Security - Container Image Scanning"
description: "Configures Orca CLI to run Container Image security scans"
branding:
icon: "shield"
color: "green"
runs:
using: "docker"
image: "Dockerfile"
env:
WORKSPACE_PATH: $GITHUB_WORKSPACE
inputs:
api_token:
description: "Orca API Token used for Authentication"
required: true
exit_code:
description: "Exit code for failed execution due to policy violations"
required: false
no_color:
description: "Disable color output"
required: false
default: "false"
project_key:
description: "Project Key name"
required: true
silent:
description: "Disable logs and warnings output"
required: false
default: "false"
baseline_context_key:
description: "Use this context key in case of no autodetect is configured on project"
required: false
disable_baseline:
description: "Do not compare to baseline on this scan"
required: false
default: "false"
sync_baseline:
description: "Sync baseline base on this flag"
required: false
disable_err_report:
description: "Suppress error reporting to the monitoring platform"
required: false
default: "false"
disable_secret:
description: "Disables the secret detection scanning"
required: false
default: "false"
hide_vulnerabilities:
description: "Do not show detailed view of the vulnerabilities findings"
required: false
default: "false"
num_cpu:
description: "Number of logical CPUs to be used for secret scanning (default 10)"
required: false
oci:
description: "Scan an OCI image"
required: false
tar_archive:
description: "Scan a tar archived image. Input should be the path of the image .tar file"
required: false
image:
description: "Container Image to scan"
required: true
format:
description: "Format for displaying the results"
required: false
output:
description: "Output directory"
required: false
control_timeout:
description: "Number of seconds the control has to execute before being canceled"
required: false
ignore_failed_exec_controls:
description: "Ignore any failures that happened while executing any of the controls"
required: false
timeout:
description: 'Set the maximum duration for the CLI execution. valid time units ("s", "m", "h")'
required: false
show_failed_issues_only:
description: "Show only failed issues in CLI results"
required: false
default: "false"
exceptions_filepath:
description: "Exceptions YAML filepath. (File should be mounted)"
required: false
custom_secret_controls:
description: "Path to custom secret controls file."
required: false
console_output:
description: "Prints results to console in the provided format (only when --output is provided)"
required: false
config:
description: "Path to configuration file (json, yaml or toml)"
required: false
show_annotations:
description: "Show github annotations on pull requests"
required: false
default: "true"
skip_remote_lookup:
description: "Do not perform remote lookups for dependency information during the scan"
required: false
default: "false"
display_name:
description: "Scan log display name (on Orca platform)"
required: false
hide_skipped_vulnerabilities:
description: "filter out skipped vulnerabilities from result"
required: false
default: "false"
max_secret:
description: "Set the maximum secrets that can be found, when reaching this number secret scan will stop"
required: false
exclude_paths:
description: "List of paths to be excluded from scan (comma-separated). Example: './notToBeScanned/,example.tf'"
required: false
dependency_tree:
description: "Show dependency origin tree of vulnerable packages"
required: false
default: "false"
debug:
description: "Debug mode"
required: false
default: "false"
disable_active_verification:
description: "Disable active verification"
required: false
default: "false"
log_path:
description: "The directory path to specify where the logs should be written to on debug mode. Default to the current working directory"
required: false
outputs:
exit_code:
description: "The exit code of the scan"