ghaction-container-scan

Pass more arguments to trivy

Open aapjeisbaas opened this issue 2 years ago • 4 comments

Would it be an idea to have an ENV var that will be used to pass along with the trivy command? I would like to pass:

--security-checks vuln
--ignore-unfixed

What would make it a bit difficult is that some of the params need a specific location in the command:

trivy --security-checks vuln image --ignore-unfixed --severity HIGH examples/python-fastapi:latest -d

Otherwise I would like to have a "with" param to set ignore-unfixed and security-checks.

aapjeisbaas, Aug 24 '22 11:08

We could have an args input. It would look like this:

      -
        name: Scan for vulnerabilities
        uses: crazy-max/ghaction-container-scan@v2
        with:
          image: user/app:latest
          args: |
            --security-checks vuln
            --ignore-unfixed

crazy-max, Jan 29 '23 17:01

This would be great. I'm looking for the --ignore-unfixed option, since currently this blocks pipelines even if the vulnerability can't be fixed.

bryan-rhm, May 12 '23 14:05

Thanks so much for this action! It's super cool. In my case, this would be useful to pass --exit-code so I can fail the job if the scan picks up something.

c-ameron, Jul 21 '23 08:07

Hey, any chance this feature will be addressed soon?

ziv-airis, Mar 11 '24 13:03