feat: skip trivy scan

Kong · Sep 19, 2024 · cbe4eff · cbe4eff
1 parent d379af8
commit cbe4eff
Showing 1 changed file with 10 additions and 2 deletions.
diff --git a/security-actions/scan-docker-image/action.yml b/security-actions/scan-docker-image/action.yml
@@ -59,6 +59,14 @@ inputs:
     options:
       - 'true'
       - 'false'
+  skip_trivy_scan:
+    required: false
+    default: 'true'
+    description: 'Toggle to skip Trivy scan'
+    type: choice
+    options:
+      - 'true'
+      - 'false'
 
 outputs:
   cis-json-report:
@@ -296,7 +304,7 @@ runs:
 
     - name: Generate docker-cis JSON report
       uses: docker://ghcr.io/aquasecurity/trivy:0.37.2
-      if: ${{ steps.meta.outputs.scan_image != '' }}
+      if: ${{ inputs.skip_trivy_scan == 'false' && steps.meta.outputs.scan_image != '' }}
       id: cis_json
       with:
         entrypoint: trivy
@@ -306,7 +314,7 @@ runs:
         input: ${{ steps.docker_tar.outputs.files_exists == 'true' && '--input' || '' }}
 
     - name: upload docker-cis JSON report
-      if: ${{ steps.meta.outputs.scan_image != '' }}
+      if: ${{ inputs.skip_trivy_scan == 'false' && steps.meta.outputs.scan_image != '' }}
       uses: actions/upload-artifact@v4
       with:
         name: ${{ steps.meta.outputs.cis_json_file }}