
GitHub Action

quay-vulnerability-check

v0.12.0 Latest version

GitHub Action for reporting Docker image vulnerabilities on Quay registry

Installation

Copy and paste the following snippet into your .yml file.

              

- name: quay-vulnerability-check
  uses: atilsensalduz/quay-image-vulnerability-check-action@v0.12.0

Learn more about this action in atilsensalduz/quay-image-vulnerability-check-action

Quay Vulnerability Check GitHub Action

This GitHub Action checks Docker image vulnerabilities on Quay.io registry.

Usage

Inputs

  • organization (required): The organization name on Quay.io where the repository is located.
  • repository (required): The name of the repository on Quay.io to check for vulnerabilities.
  • image_tag (required): The tag of the Docker image in the specified repository to check for vulnerabilities.
  • quay_token (required): The Quay.io authentication token with necessary permissions to access the repository and perform vulnerability checks.
  • severities (optional): Comma-separated list of allowed severities. Example: 'High,Critical'. If not provided, all severities will be considered. Allowed values: Unknown, Low, Medium, High, Critical.
  • exit_code (optional): The exit code to be set if vulnerabilities are found. Allowed values: 0 (default) or 1.
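
How the severities and exit_code inputs combine into a pass/fail gate, as an added example that is not the action's own code. The shape of the scan response (data.Layer.Features[].Vulnerabilities[].Severity, plus a top-level status), the function names and the sample data are assumptions made for illustration.

```python
import json

# Allowed values for `severities`, as listed in the Inputs section.
ALLOWED = ("Unknown", "Low", "Medium", "High", "Critical")

# Constructed sample; the response shape is an assumption
# (data.Layer.Features[].Vulnerabilities[].Severity), ids are placeholders.
SAMPLE_SCAN = json.loads("""
{"status": "scanned", "data": {"Layer": {"Features": [
  {"Name": "libexample-a", "Vulnerabilities": [
    {"Name": "EXAMPLE-VULN-1", "Severity": "Critical"},
    {"Name": "EXAMPLE-VULN-2", "Severity": "Low"}]},
  {"Name": "libexample-b", "Vulnerabilities": [
    {"Name": "EXAMPLE-VULN-3", "Severity": "High"}]},
  {"Name": "libexample-c", "Vulnerabilities": []}
]}}}
""")


def parse_severities(raw):
    """Turn 'High, Critical' into a validated set; empty input means all."""
    if raw is None or not raw.strip():
        return set(ALLOWED)
    wanted = {p.strip().capitalize() for p in raw.split(",") if p.strip()}
    unknown = wanted - set(ALLOWED)
    if unknown:
        raise ValueError(f"unsupported severities: {sorted(unknown)}")
    return wanted


def matching_findings(scan, severities):
    """Return (package, vuln id, severity) for findings in the allowed set."""
    if scan.get("status") != "scanned":
        # Fail closed: an unscanned image must not look like a clean one.
        raise RuntimeError(f"scan not available: status={scan.get('status')!r}")
    features = ((scan.get("data") or {}).get("Layer") or {}).get("Features") or []
    return [(f["Name"], v["Name"], v.get("Severity", "Unknown"))
            for f in features for v in f.get("Vulnerabilities") or []
            if v.get("Severity", "Unknown") in severities]


def gate(scan, severities_input=None, exit_code_input="0"):
    """Exit code for the step: exit_code_input only when findings match."""
    if exit_code_input not in ("0", "1"):
        raise ValueError("exit_code must be 0 or 1")
    findings = matching_findings(scan, parse_severities(severities_input))
    return (int(exit_code_input) if findings else 0), findings
```

With the default exit_code of 0 the gate only reports: matching findings are returned but the step still succeeds, so a pipeline that should block on findings has to set exit_code to 1.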

Example Workflow

name: Quay Vulnerability Check

on:
  workflow_dispatch:
    inputs:
      organization:
        description: 'Quay organization'
        required: true
      repository:
        description: 'Quay repository'
        required: true
      image_tag:
        description: 'Docker image tag'
        required: true

jobs:
  check-vulnerabilities:
    runs-on: ubuntu-latest

    steps:
    - name: Checkout Repository
      uses: actions/checkout@v4

    - name: Run Quay Vulnerability Check
      uses: atilsensalduz/quay-image-vulnerability-check-action@v0.9.0
      with:
        organization: ${{ inputs.organization }}
        repository: ${{ inputs.repository }}
        image_tag: ${{ inputs.image_tag }}
        quay_token: ${{ secrets.QUAY_TOKEN }}
        severities: "High, Critical"
        exit_code: "1"

    - name: Generate Report on Action Summary
      # Runs even when the check step fails (exit_code: "1"), so the report is still published.
      if: always()
      run: |
        cat vulnerabilities_report.md >> "$GITHUB_STEP_SUMMARY"