Enable security checks option for image type (#112)

* Enable security checks option for image type * Readme: update security checks option * action.yaml: add default value for security checks option * echo env var * action.yaml: remove default value for security checks * remove useless echo
aquasecurity · Jun 2, 2022 · 987beb8 · 987beb8
1 parent 4b9b6fb
commit 987beb8
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -394,7 +394,7 @@ Following inputs can be used as `step.with` keys:
 | `timeout`        | String  | `5m0s`                             | Scan timeout duration                         |
 | `ignore-policy`  | String  |                                    | Filter vulnerabilities with OPA rego language |
 | `list-all-pkgs`  | String  |                                    | Output all packages regardless of vulnerability |
-| `security-checks`| String  | `vuln`                             | comma-separated list of what security issues to detect (`vuln`,`config`)|
+| `security-checks`| String  | `vuln,secret`                      | comma-separated list of what security issues to detect (`vuln`,`secret`,`config`)|
 
 [release]: https://github.com/aquasecurity/trivy-action/releases/latest
 [release-img]: https://img.shields.io/github/release/aquasecurity/trivy-action.svg?logo=github

diff --git a/entrypoint.sh b/entrypoint.sh
@@ -98,10 +98,7 @@ if [ $vulnType ] && [ "$scanType" != "config" ];then
   ARGS="$ARGS --vuln-type $vulnType"
   SARIF_ARGS="$SARIF_ARGS --vuln-type $vulnType"
 fi
-if [ $securityChecks ] && [ "$scanType" == "fs" ];then
-  ARGS="$ARGS --security-checks $securityChecks"
-fi
-if [ $securityChecks ] && [ "$scanType" == "repo" ];then
+if [ $securityChecks ];then
   ARGS="$ARGS --security-checks $securityChecks"
 fi
 if [ $severity ];then