Add configuration file input #299

Closed
wants to merge 2 commits into from
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -123,6 +123,7 @@ The inputs `image`, `path`, and `sbom` are mutually exclusive to specify the sou
| `image` | The image to scan | N/A |
| `path` | The file path to scan | N/A |
| `sbom` | The SBOM to scan | N/A |
| `config` | The path to the Grype configuration file | |
| `registry-username` | The registry username to use when authenticating to an external registry | |
| `registry-password` | The registry password to use when authenticating to an external registry | |
| `fail-build` | Fail the build if a vulnerability is found with a higher severity. That severity defaults to `medium` and can be set with `severity-cutoff`. | `true` |
3 changes: 3 additions & 0 deletions action.yml
Expand Up @@ -13,6 +13,9 @@ inputs:
sbom:
description: 'The SBOM file to scan. This option is mutually exclusive with "path" and "image".'
required: false
config:
description: 'The path to the Grype configuration file.'
required: false
fail-build:
description: "Set to false to avoid failing based on severity-cutoff. Default is to fail when severity-cutoff is reached (or surpassed)"
required: false
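Review bot: The new `config` description does not say how a configuration file interacts with the other inputs, so a workflow author cannot tell whether `severity-cutoff`, `fail-build` or `only-fixed` values in the file are overridden by the action's own inputs. Extending it along the lines of `description: 'The path to the Grype configuration file. Explicit action inputs take precedence over settings in this file.'` would settle that, assuming that is the actual precedence, which the hunk does not show. It would also help to state that the path is resolved relative to the workspace/working directory.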
8 changes: 8 additions & 0 deletions dist/index.js
Expand Up @@ -100,6 +100,7 @@ async function run() {
// Grype accepts several input options, initially this action is supporting both `image` and `path`, so
// a check must happen to ensure one is selected at least, and then return it
const source = sourceInput();
const config = core.getInput("config");
const failBuild = core.getInput("fail-build") || "true";
const outputFormat = core.getInput("output-format") || "sarif";
const severityCutoff = core.getInput("severity-cutoff") || "medium";
Expand All @@ -109,6 +110,7 @@ async function run() {
const vex = core.getInput("vex") || "";
const out = await runScan({
source,
config,
failBuild,
severityCutoff,
onlyFixed,
Expand All @@ -127,6 +129,7 @@ async function run() {

async function runScan({
source,
config,
failBuild,
severityCutoff,
onlyFixed,
Expand Down Expand Up @@ -170,6 +173,10 @@ async function runScan({

cmdArgs.push("-o", outputFormat);

if (config) {
cmdArgs.push("--config", config);
}

if (
!SEVERITY_LIST.some(
(item) =>
Expand Down Expand Up @@ -197,6 +204,7 @@ async function runScan({
await installGrype(grypeVersion);

core.debug("Source: " + source);
core.debug("Config: " + config);
core.debug("Fail Build: " + failBuild);
core.debug("Severity Cutoff: " + severityCutoff);
core.debug("Only Fixed: " + onlyFixed);
8 changes: 8 additions & 0 deletions index.js
Expand Up @@ -86,6 +86,7 @@ async function run() {
// Grype accepts several input options, initially this action is supporting both `image` and `path`, so
// a check must happen to ensure one is selected at least, and then return it
const source = sourceInput();
const config = core.getInput("config");
const failBuild = core.getInput("fail-build") || "true";
const outputFormat = core.getInput("output-format") || "sarif";
const severityCutoff = core.getInput("severity-cutoff") || "medium";
Expand All @@ -95,6 +96,7 @@ async function run() {
const vex = core.getInput("vex") || "";
const out = await runScan({
source,
config,
failBuild,
severityCutoff,
onlyFixed,
Expand All @@ -113,6 +115,7 @@ async function run() {

async function runScan({
source,
config,
failBuild,
severityCutoff,
onlyFixed,
Expand Down Expand Up @@ -156,6 +159,10 @@ async function runScan({

cmdArgs.push("-o", outputFormat);

if (config) {
cmdArgs.push("--config", config);
}

if (
!SEVERITY_LIST.some(
(item) =>
Expand Down Expand Up @@ -183,6 +190,7 @@ async function runScan({
await installGrype(grypeVersion);

core.debug("Source: " + source);
core.debug("Config: " + config);
core.debug("Fail Build: " + failBuild);
core.debug("Severity Cutoff: " + severityCutoff);
core.debug("Only Fixed: " + onlyFixed);
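Review bot: The `config` value is pushed onto `cmdArgs` as `--config` without checking that the path exists, so a mistyped input only surfaces later as a Grype failure rather than as an actionable error from the action. Inside the `if (config)` block a guard such as `if (!fs.existsSync(config)) { throw new Error(`config file not found: ${config}`); }` (assuming `fs` is already imported in this file) fails fast with a clear message. The same block appears in dist/index.js, which presumably is regenerated from this file, so the fix belongs here. The body of runScan starts and ends outside the hunk, so I cannot see how cmdArgs is executed; if it goes through an exec call with an argument array, no further quoting of the path is needed.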
32 changes: 31 additions & 1 deletion tests/action_args.test.js
Expand Up @@ -13,7 +13,7 @@ describe("Github action args", () => {
"output-format": "json",
"severity-cutoff": "medium",
"add-cpes-if-none": "true",
"vex": "test.vex",
vex: "test.vex",
};
const spyInput = jest.spyOn(core, "getInput").mockImplementation((name) => {
try {
Expand Down Expand Up @@ -162,4 +162,34 @@ describe("Github action args", () => {

spyInput.mockRestore();
});

it("runs with config file", async () => {
const inputs = {
path: "tests/fixtures/npm-project",
config: "tests/fixtures/config-file/custom-config.yaml",
};
const spyInput = jest.spyOn(core, "getInput").mockImplementation((name) => {
try {
return inputs[name];
} finally {
inputs[name] = true;
}
});

const outputs = {};
const spyOutput = jest
.spyOn(core, "setOutput")
.mockImplementation((name, value) => {
outputs[name] = value;
});

await run();

Object.keys(inputs).map((name) => {
expect(inputs[name]).toBe(true);
});

spyInput.mockRestore();
spyOutput.mockRestore();
});
});
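Review bot: The new `runs with config file` test never asserts that `--config` actually reaches the Grype command line: `outputs` is collected but never inspected, and the only expectations are that each input key was read. Spying on whatever exec/runScan path the earlier tests in this file use (they start outside the hunk) and asserting that the argument list contains `"--config", "tests/fixtures/config-file/custom-config.yaml"` would pin the behaviour this PR adds. If the fixture is the empty file this PR appears to add, the test also proves nothing about settings in the file being honoured; a fixture with at least one recognisable setting would be stronger. Minor: `Object.keys(inputs).map(...)` is used purely for side effects; `forEach` or `for...of` says what is meant.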