This repository has been archived by the owner on Apr 3, 2024. It is now read-only.
action.yml
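# Action metadata for the Deep Security Smart Check image scan.
#
# This is a Docker container action: each input declared under `inputs` is
# passed to the container as an environment variable of the same name (see
# `runs.env`). The scan logic lives in the container image, not in this file.
#
# Three inputs carry credentials (DSSC_SMARTCHECK_PASSWORD,
# DSSC_IMAGE_PULL_AUTH, DSSC_PREREGISTRY_PASSWORD). Callers should supply them
# from encrypted secrets (`${{ secrets.<NAME> }}`), never as literals in a
# workflow file.
name: "Deep Security Smart Check"
description: "Scan container images with Deep Security Smart Check."
inputs:
  DSSC_IMAGE_NAME:
    description: "(MANDATORY) Container repository, eg registryhost/myimage."
    required: true
  DSSC_SMARTCHECK_HOST:
    description: "(MANDATORY) Deep Security Smart Check url, eg smartcheck.example.com"
    required: true
  DSSC_SMARTCHECK_USER:
    description: "(MANDATORY) Deep Security Smart Check username, eg admin."
    required: true
  # Credential: pass from a secret. The "12345" in the description is only a
  # placeholder, not a suggested value.
  DSSC_SMARTCHECK_PASSWORD:
    description: "(MANDATORY) Deep Security Smart Check password, eg 12345."
    required: true
  # Credential: pass from a secret. Least privilege applies: the registry
  # identity only needs pull access to the image being scanned.
  # The second example in the description was missing its opening quote; it
  # now matches the first example.
  DSSC_IMAGE_PULL_AUTH:
    description: >-
      (MANDATORY) Container registry credentials in a json format, eg
      '{"username":"<user>","password":"<password>"}' or
      '{"aws":{"region":"us-east-1","accessKeyID":"'AWS_ACCESS_KEY_ID'","secretAccessKey":"'AWS_SECRET_ACCESS_KEY'"}}'
    required: true
  # NOTE(review): the default of "true" turns certificate verification OFF for
  # the connection that carries DSSC_SMARTCHECK_USER / DSSC_SMARTCHECK_PASSWORD,
  # so the runner cannot tell the real Smart Check host from an impostor.
  # The default is kept for backward compatibility; callers whose host presents
  # a certificate the runner trusts should set this to "false" explicitly.
  DSSC_INSECURE_SKIP_TLS_VERIFY:
    description: >-
      (OPTIONAL) If the client should ignore certificate errors when
      connecting to Deep Security Smart Check. You may want to set this if
      you've configured a self signed cert. eg true
    required: false
    default: "true"
  # NOTE(review): also defaults to "true" (verification OFF), here for the
  # Smart Check -> image registry connection. With it off, the scanned bytes
  # are not guaranteed to come from the intended registry, which weakens the
  # value of the scan result. Set to "false" unless the registry really uses a
  # certificate that cannot be validated.
  DSSC_INSECURE_SKIP_REGISTRY_TLS_VERIFY:
    description: >-
      (OPTIONAL) If Deep Security Smart Check should ignore certificate errors
      from the image registry. eg true
    required: false
    default: "true"
  DSSC_PREREGISTRY_SCAN:
    description: >-
      (OPTIONAL) Specify this option to trigger a "pre-registry scan", which
      pushes the image to a temporary registry on the scan system.
    required: false
  DSSC_PREREGISTRY_HOST:
    description: >-
      (OPTIONAL) The hostname of the temporary registry. Defaults to the
      smartcheck-host on port 5000.
    required: false
  DSSC_PREREGISTRY_USER:
    description: >-
      (OPTIONAL) The username to authenticate with the temporary registry.
    required: false
  # Credential: pass from a secret.
  DSSC_PREREGISTRY_PASSWORD:
    description: >-
      (OPTIONAL) The password to authenticate with the temporary registry.
    required: false
  # Per the description, results go to stdout when this is unset; in a
  # workflow that is the job log. Set a path if the findings should not be
  # readable by everyone who can read the logs.
  DSSC_RESULTS_FILE:
    description: >-
      (OPTIONAL) The path to write the scan results to. If not provided, the
      scan results will be written to stdout.
    required: false
  # NOTE(review): optional, with no default. Presumably the step reports
  # findings without failing the job when no threshold is given - confirm
  # against the scan image before relying on this action as a build gate.
  DSSC_FINDINGS_THRESHOLD:
    description: >-
      (OPTIONAL) A JSON object that can be used to fail this step if an image
      contains findings that exceed the threshold.
    required: false
branding:
  icon: "check"
  color: "red"
runs:
  using: "docker"
  # NOTE(review): `:latest` is a mutable tag, so the code that receives the
  # credentials above can change between runs without any change to this file.
  # Prefer an immutable reference such as
  #   docker://deepsecurity/smartcheck-scan-action@sha256:<IMAGE_DIGEST>
  # (<IMAGE_DIGEST> is a placeholder; take the value from a reviewed image).
  image: "docker://deepsecurity/smartcheck-scan-action:latest"
  # One-to-one mapping: each input becomes an environment variable with the
  # same name inside the container.
  env:
    DSSC_IMAGE_NAME: ${{ inputs.DSSC_IMAGE_NAME }}
    DSSC_SMARTCHECK_HOST: ${{ inputs.DSSC_SMARTCHECK_HOST }}
    DSSC_SMARTCHECK_USER: ${{ inputs.DSSC_SMARTCHECK_USER }}
    DSSC_SMARTCHECK_PASSWORD: ${{ inputs.DSSC_SMARTCHECK_PASSWORD }}
    DSSC_IMAGE_PULL_AUTH: ${{ inputs.DSSC_IMAGE_PULL_AUTH }}
    DSSC_INSECURE_SKIP_TLS_VERIFY: ${{ inputs.DSSC_INSECURE_SKIP_TLS_VERIFY }}
    DSSC_INSECURE_SKIP_REGISTRY_TLS_VERIFY: ${{ inputs.DSSC_INSECURE_SKIP_REGISTRY_TLS_VERIFY }}
    DSSC_PREREGISTRY_SCAN: ${{ inputs.DSSC_PREREGISTRY_SCAN }}
    DSSC_PREREGISTRY_HOST: ${{ inputs.DSSC_PREREGISTRY_HOST }}
    DSSC_PREREGISTRY_USER: ${{ inputs.DSSC_PREREGISTRY_USER }}
    DSSC_PREREGISTRY_PASSWORD: ${{ inputs.DSSC_PREREGISTRY_PASSWORD }}
    DSSC_RESULTS_FILE: ${{ inputs.DSSC_RESULTS_FILE }}
    DSSC_FINDINGS_THRESHOLD: ${{ inputs.DSSC_FINDINGS_THRESHOLD }}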