This GitHub Action checks Docker image vulnerabilities on Quay.io registry.

• organization (required): The organization name on Quay.io where the repository is located.
• repository (required): The name of the repository on Quay.io to check for vulnerabilities.
• image_tag (required): The tag of the Docker image in the specified repository to check for vulnerabilities.
• quay_token (required): The Quay.io authentication token with necessary permissions to access the repository and perform vulnerability checks.
• severities (optional): Comma-separated list of allowed severities. Example: 'High,Critical'. If not provided, all severities will be considered. Allowed values: Unknown, Low, Medium, High, Critical.
• exit_code (optional): The exit code to be set if vulnerabilities are found. Allowed values: 0 (default) or 1.

name: Quay Vulnerability Check

on:
  push:
    branches:
      - main

jobs:
  check-vulnerabilities:
    runs-on: ubuntu-latest

    steps:
    - name: Checkout Repository
      uses: actions/checkout@v4

    - name: Run Quay Vulnerability Check
      uses: atilsensalduz/[email protected]
      with:
        organization: ${{ secrets.QUAY_ORGANIZATION }}
        repository: ${{ secrets.QUAY_REPOSITORY }}
        image_tag: ${{ secrets.IMAGE_TAG }}
        quay_token: ${{ secrets.QUAY_TOKEN }}
        severities: "High, Critical"
        exit_code: "1"