Merge pull request #5 from nayuta/support_trivy_command

Support trivy command and target
reviewdog · Dec 8, 2023 · 0465151 · 0465151
2 parents 348864d + 599f9e5
commit 0465151
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 1 deletion.
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -23,6 +23,8 @@ jobs:
         id: test
         with:
           github_token: ${{ secrets.github_token }}
+          trivy_command: config
+          trivy_target: .
           reporter: github-check
           level: info
           working_directory: testdata/with_detections
@@ -60,6 +62,8 @@ jobs:
         id: test
         with:
           github_token: ${{ secrets.github_token }}
+          trivy_command: config
+          trivy_target: .
           reporter: github-check
           level: info
           working_directory: testdata/without_detections
@@ -98,6 +102,8 @@ jobs:
         id: test
         with:
           github_token: ${{ secrets.github_token }}
+          trivy_command: config
+          trivy_target: .
           reporter: github-pr-check
           level: info
           working_directory: testdata/with_detections
@@ -136,6 +142,8 @@ jobs:
         id: test
         with:
           github_token: ${{ secrets.github_token }}
+          trivy_command: config
+          trivy_target: .
           reporter: github-pr-review
           level: info
           working_directory: testdata/with_detections
@@ -179,6 +187,8 @@ jobs:
         id: test
         with:
           github_token: ${{ secrets.github_token }}
+          trivy_command: config
+          trivy_target: .
           reporter: github-check
           level: info
           working_directory: testdata/with_detections

diff --git a/README.md b/README.md
@@ -33,6 +33,16 @@ the Pull Request Conversation:
 
 **Required**. Must be in form of `github_token: ${{ secrets.github_token }}`.
 
+### `trivy_command`
+
+**Required**. Trivy command [`aws`, `config`, `filesystem`,  `image`, `kubernetes`, `rootfs`, `sbom`, `vm`].
+You can see this with `trivy --help`
+
+### `trivy_target`
+
+**Required**. Target to scan.
+It's depends on the command. Please check [Trivy Docs](https://aquasecurity.github.io/trivy/latest/docs/)
+
 ### `working_directory`
 
 Optional. Directory to run the action on, from the repo root.

diff --git a/action.yml b/action.yml
@@ -45,6 +45,14 @@ inputs:
     description: 'Additional reviewdog flags'
     default: ''
     required: false
+  trivy_command:
+    description: |
+      Trivy command [aws,config,filesystem,image,kubernetes,rootfs,sbom,vm]
+    required: true
+  trivy_target:
+    description: |
+      Trivy target to scan
+    required: true
   trivy_version:
     description: |
       The version of trivy to install.
@@ -88,6 +96,8 @@ runs:
         INPUT_FAIL_ON_ERROR: ${{ inputs.fail_on_error }}
         INPUT_FLAGS: ${{ inputs.flags }}
         INPUT_TRIVY_VERSION: ${{ inputs.trivy_version }}
+        INPUT_TRIVY_COMMAND: ${{ inputs.trivy_command }}
+        INPUT_TRIVY_TARGET: ${{ inputs.trivy_target }}
         INPUT_TRIVY_FLAGS: ${{ inputs.trivy_flags }}
 
 branding:

diff --git a/script.sh b/script.sh
@@ -82,7 +82,7 @@ echo '::group:: Running trivy with reviewdog 🐶 ...'
   set +Eeuo pipefail
 
   # shellcheck disable=SC2086
-  "${TRIVY_PATH}/trivy" --format json ${INPUT_TRIVY_FLAGS:-} --exit-code 1 config . 2> /dev/null \
+  "${TRIVY_PATH}/trivy" --format json ${INPUT_TRIVY_FLAGS:-} --exit-code 1 ${INPUT_TRIVY_COMMAND} ${INPUT_TRIVY_TARGET} 2> /dev/null \
     | jq -r -f "${GITHUB_ACTION_PATH}/to-rdjson.jq" \
     |  "${REVIEWDOG_PATH}/reviewdog" -f=rdjson \
         -name="${INPUT_TOOL_NAME}" \