Commit
Merge pull request #4 from udit-uniyal/main
Updated action.yml and Readme.md
udit-uniyal authored Feb 23, 2024
2 parents bdcd583 + 851f904 commit d2c6396
Showing 2 changed files with 24 additions and 48 deletions.
55 changes: 15 additions & 40 deletions README.md
@@ -1,45 +1,19 @@
# install-action

Github actions to install vulnerability scanner.
# Automate Container Image Security Scanning with AccuKnox GitHub Action

## Learn More

- [About Accuknox](https://www.accuknox.com/)

## Inputs

```yaml
inputs:
dockerfile_context:
description: 'The context of the Dockerfile to use for building the image.'
required: true
default: 'Dockerfile'
endpoint:
description: 'The URL of the CSPM panel to push the scan results to.'
required: true
default: 'cspm.demo.accuknox.com'
token:
description: 'The token for authenticating with the CSPM panel.'
required: true
tenant_id:
description: 'The ID of the tenant associated with the CSPM panel.'
required: true
repository_name:
description: 'Docker image repository name'
required: true
tag:
description: 'Add version tag to the repository'
required: true
default: '${{ github.run_id }}'
severity:
description: "Allows selection of severity level for the scan. Options include UNKNOWN, LOW, MEDIUM, HIGH, CRITICAL. If specified, the scan will target vulnerabilities of the selected severity level."
required: false
default: 'UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL'
code:
description: "Values '0' and '1' are accepted. '0' is the default value, which indicates that the pipeline will not be halted if the specified severity is found, while '1' indicates that the pipeline will stop if a specified severity level is detected."
required: false
default: '0'
```
| Input Values | Description | Optional/Required | Default Values |
|---------------------|-------------------------------------------------------------------------------------------------------|-------------------|-----------------------------|
| dockerfile_context | The context of the Dockerfile to use for building the image. | Optional | Dockerfile |
| endpoint | The URL of the CSPM panel to push the scan results to. | Optional | `cspm.demo.accuknox.com` |
| token | The token for authenticating with the CSPM panel. | Required | - |
| tenant_id | The ID of the tenant associated with the CSPM panel. | Required | - |
| repository_name | Docker image repository name. | Required | - |
| tag | Add version tag to the repository. | Optional | `${{ github.run_id }}` |
| severity | Allows selection of severity level for the scan. Options include UNKNOWN, LOW, MEDIUM, HIGH, CRITICAL. | Optional | `UNKNOWN, LOW, MEDIUM, HIGH, CRITICAL` |
| exit_code | Specifies pipeline behavior upon detecting specified severity level. '0' (continue) or '1' (halt). | Optional | 0 |

## Usage

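Review bot: the new inputs table marks `dockerfile_context` and `endpoint` as Optional, but the removed README snippet (which mirrored action.yaml) declared both `required: true`, and this pull request does not touch those declarations in action.yaml; either the table should say Required or action.yaml should be updated to `required: false` with the defaults kept. Also the `severity` default is shown as `UNKNOWN, LOW, MEDIUM, HIGH, CRITICAL` with spaces, while action.yaml uses `'UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL'`; since the value is passed straight to `--severity`, the table should show the exact comma-separated form so users do not copy a value with spaces.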
@@ -71,6 +45,7 @@ Click on Generate:
repository_name:
endpoint: #Optional
tag: #Optional
exit_code: #Optional
severity: #Optional
dockerfile_context: #Optional
```
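Review bot: adding `exit_code: #Optional` to the template is fine, but the comment should say what the optional value does, because the default `0` means the pipeline continues even when matching vulnerabilities are found; a reader who wants the scan to gate the build needs to know to set `exit_code: 1`, e.g. `exit_code: 1 # fail the job when findings match severity`.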
@@ -100,7 +75,7 @@ jobs:
- name: Run AccuKnox CSPM Scan
uses: accuknox/[email protected]
with:
token:
tenant_id:
repository_name:
token: ${{ secrets.TOKEN }}
tenant_id: ${{ secrets.TENANT_ID }}
repository_name: ${{ github.repository }}
```
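Review bot: reading `token` and `tenant_id` from `${{ secrets.TOKEN }}` and `${{ secrets.TENANT_ID }}` instead of leaving empty placeholders is the right change, since the token is a bearer credential for the CSPM panel and must not be committed in plain text; the README should state that these two secrets have to be created in the repository settings before the workflow runs. The `uses:` line pins the action by a version tag; for a step that receives a panel credential, documenting how to pin to a full commit SHA would give users a stronger supply-chain guarantee than a mutable tag.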
17 changes: 9 additions & 8 deletions action.yaml
@@ -27,7 +27,7 @@ inputs:
description: "Allows selection of severity level for the scan. Options include UNKNOWN, LOW, MEDIUM, HIGH, CRITICAL. If specified, the scan will target vulnerabilities of the selected severity level."
required: false
default: 'UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL'
code:
exit_code:
description: "Values '0' and '1' are accepted. '0' is the default value, which indicates that the pipeline will not be halted if the specified severity is found, while '1' indicates that the pipeline will stop if a specified severity level is detected."
required: false
default: '0'
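Review bot: renaming the input from `code` to `exit_code` is a breaking change for any workflow that already passes `code:`; since an unknown input is silently ignored by GitHub Actions, existing users would fall back to the default `0` and lose their gating without an error, so this should be called out in the release notes and the version tag referenced in the README bumped. The description could also mention that the value is passed to the scanner as `--exit-code`, which makes the `0`/`1` semantics easier to understand.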
@@ -48,7 +48,7 @@ runs:
REPOSITORY_NAME: ${{ inputs.repository_name }}
TAG: ${{ inputs.tag }}
SEVERITY: ${{ inputs.severity }}
CODE: ${{ inputs.code }}
CODE: ${{ inputs.exit_code }}

- name: Docker Build
run: |
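Review bot: the environment variable is still named `CODE` while the input it carries is now `exit_code`; renaming it to `EXIT_CODE: ${{ inputs.exit_code }}` keeps the two in sync and avoids confusion when the variable is read in the shell step below.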
@@ -72,18 +72,19 @@ runs:
- name: Print AccuKnox Results
run: cat results.json
shell: bash


- name: Push report to CSPM panel
run: |
curl --location --request POST 'https://${{ inputs.endpoint }}/api/v1/artifact/?tenant_id=${{ inputs.tenant_id }}&data_type=TR&save_to_s3=false' --header 'Tenant-Id: ${{ inputs.tenant_id }}' --header 'Authorization: Bearer ${{ inputs.token }}' --form 'file=@"./results.json"'
shell: bash

- name: Run AccuKnox Vulnerability Scanner with specific tags
run: |
$Scan image --exit-code ${{ inputs.code }} --severity ${{ inputs.severity }} ${{ inputs.repository_name }}:${{ inputs.tag }} --quiet >/dev/null
$Scan image --exit-code ${{ inputs.exit_code }} --severity ${{ inputs.severity }} ${{ inputs.repository_name }}:${{ inputs.tag }} --quiet >/dev/null
env:
Scan: trivy
shell: bash

- name: Push report to CSPM panel
run: |
curl --location --request POST 'https://${{ inputs.endpoint }}/api/v1/artifact/?tenant_id=${{ inputs.tenant_id }}&data_type=TR&save_to_s3=false' --header 'Tenant-Id: ${{ inputs.tenant_id }}' --header 'Authorization: Bearer ${{ inputs.token }}' --form 'file=@"./results.json"'
shell: bash

branding:
icon: 'shield'
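Review bot: moving "Push report to CSPM panel" after "Run AccuKnox Vulnerability Scanner with specific tags" changes the failure behaviour: with `exit_code` set to `1` and matching findings present, the scanner step now fails and the push step never runs, so exactly the scans that most need to reach the panel are the ones that are never uploaded. Either keep the original order or add `if: always()` to the push step so the report is sent regardless of the scan's exit status. Separately, `${{ inputs.exit_code }}`, `${{ inputs.severity }}`, `${{ inputs.repository_name }}` and `${{ inputs.tag }}` are interpolated directly into the `run:` script; the previous hunk already exports these inputs as environment variables (`CODE`, `SEVERITY`, `REPOSITORY_NAME`, `TAG`), so reading them as `"$SEVERITY"`, `"$REPOSITORY_NAME:$TAG"` and so on in this step would keep input values out of the shell command text. Finally, `--quiet >/dev/null` discards the gated scan's output, so when the step fails the job log shows no findings; writing the output to the log (or to a file) would make the failure actionable.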

0 comments on commit d2c6396