diff --git a/README.md b/README.md
index e5a597e..8b9d55f 100644
--- a/README.md
+++ b/README.md
@@ -109,11 +109,12 @@ up. After which, complete the following steps:
 - checks : If set, GitHub checks will be added to the current commit based on any vulnerabilities found.
 - codeQuality : Passes the -q option to the Contrast local scanner to include code quality rules in the scan.
 - label : Label to associate with the current scan. Defaults to the current ref e.g. **refs/heads/main**
-- memory : Memory setting passed to the underlying scan engine. Defaulted to 2g.
+- memory : Memory setting passed to the underlying scan engine. Defaulted to 8g.
 - path : Path to scan with Contrast local scanner. Defaults to the current repository path.
 - projectName : Project to associate scan with. Defaults to current GitHub repository name e.g. **Contrast-Security-OSS/contrast-local-scan-action**
 - resourceGroup : Passes the -r option to the Contrast local scanner to associate newly created projects with the specified resource group.
 - severity : Set this to cause the build to fail if vulnerabilities are found at this severity or higher. Valid values are critical, high, medium, low, note.
+- timeout: Execution timeout (in seconds) setting passed to the underlying scan engine. Defaulted to 60 minutes.
diff --git a/action.yml b/action.yml
index 6290ed3..d6a5cdc 100644
--- a/action.yml
+++ b/action.yml
@@ -30,7 +30,7 @@ inputs:
   label:
     description: Label to associate with the current scan. Defaults to the current ref e.g. refs/heads/main
   memory:
-    description: Memory setting passed to the underlying scan engine. Defaulted to 2g
+    description: Memory setting passed to the underlying scan engine. Defaulted to 8g
     required: false
   path:
     description: Path to scan with local scanner. Defaults to the current repository path.
@@ -52,6 +52,9 @@ inputs:
       Set this to cause the build to fail if vulnerabilities are found exceeding this severity or higher. Valid values are CRITICAL, HIGH, MEDIUM, LOW, NOTE.
     required: false
+  timeout:
+    description: Execution timeout (in seconds) setting passed to the underlying scan engine. Defaulted to 60 minutes.
+    required: false
   token:
     description: >
       GitHub token for GitHub API requests. Defaults to GITHUB_TOKEN.
diff --git a/src/config.js b/src/config.js
index 008ef10..1bdbd53 100644
--- a/src/config.js
+++ b/src/config.js
@@ -20,7 +20,7 @@ const codeQuality = core.getBooleanInput("codeQuality");
 const label = core.getInput("label") || process.env.GITHUB_REF;
 // Pinning the local scanner version
-const localScannerVersion = "1.0.7";
+const localScannerVersion = "1.0.8";
 const memory = core.getInput("memory");
 const path = core.getInput("path") || process.env.GITHUB_WORKSPACE;
@@ -29,6 +29,7 @@ const projectName =
 const resourceGroup = core.getInput("resourceGroup");
 const severity = core.getInput("severity")?.toLowerCase() || undefined;
 const strategy = core.getInput("strategy") || "project";
+const timeout = core.getInput("timeout");
 const title = "Contrast Local Scan";
 const token = core.getInput("token");
@@ -50,6 +51,7 @@ module.exports = {
   resourceGroup,
   severity,
   strategy,
+  timeout,
   title,
   token,
 };
diff --git a/src/scan.js b/src/scan.js
index 6e89127..df8269a 100644
--- a/src/scan.js
+++ b/src/scan.js
@@ -17,6 +17,7 @@ const {
   resourceGroup,
   severity,
   strategy,
+  timeout,
   title,
 } = require("./config");
@@ -51,6 +52,10 @@ function scanOpts(jar) {
     options.push("--memory", memory);
   }
+  if (timeout) {
+    options.push("--timeout", timeout);
+  }
+
   if (resourceGroup) {
     options.push("-r", resourceGroup);
   }
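Review bot: The new `timeout` input's description mixes units: it says the value is in seconds but gives the default as `60 minutes`, so a workflow author cannot tell whether to write `60` or `3600`. Stating the default in the input's own unit removes the ambiguity, e.g. `description: Execution timeout in seconds passed to the underlying scan engine. Defaults to 3600 (60 minutes).`; the README line added in the first hunk of this diff has the same wording. Whether the engine's own default really is 60 minutes is not visible here, so confirm it against the scanner before settling on the number.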
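Review bot: `const timeout = core.getInput("timeout")` accepts any string, and the second scan.js hunk forwards it verbatim as `--timeout`, so a value such as `60m` or `-5` is, as far as this diff shows, rejected only by the scan engine if at all, after the scan has already started. Validating at read time keeps the failure early and attributable to the workflow input: keep `const timeout = core.getInput("timeout");` and follow it with `if (timeout && !/^\d+$/.test(timeout)) throw new Error(\`timeout must be a whole number of seconds, got "${timeout}"\`);`. The `if (timeout)` guard in scan.js then only has to skip the unset (empty-string) case, which it already does; scanOpts itself starts and ends outside that hunk. If config.js reports bad input through core.setFailed elsewhere in the file rather than throwing, use the same mechanism here.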