From 987beb818611978a005e724887c845a277ba2ff5 Mon Sep 17 00:00:00 2001 From: Tanguy Segarra <100129158+tanguy-platsec@users.noreply.github.com> Date: Thu, 2 Jun 2022 23:52:06 +0200 Subject: [PATCH] Enable security checks option for image type (#112) * Enable security checks option for image type * Readme: update security checks option * action.yaml: add default value for security checks option * echo env var * action.yaml: remove default value for security checks * remove useless echo
---
README.md | 2 +- entrypoint.sh | 5 +---- 2 files changed, 2 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index 2f698d8..9b9fc28 100644
--- a/README.md
+++ b/README.md
@@ -394,7 +394,7 @@ Following inputs can be used as `step.with` keys:
 | `timeout` | String | `5m0s` | Scan timeout duration |
 | `ignore-policy` | String | | Filter vulnerabilities with OPA rego language |
 | `list-all-pkgs` | String | | Output all packages regardless of vulnerability |
-| `security-checks`| String | `vuln` | comma-separated list of what security issues to detect (`vuln`,`config`)|
+| `security-checks`| String | `vuln,secret` | comma-separated list of what security issues to detect (`vuln`,`secret`,`config`)|
 [release]: https://github.com/aquasecurity/trivy-action/releases/latest
 [release-img]: https://img.shields.io/github/release/aquasecurity/trivy-action.svg?logo=github
diff --git a/entrypoint.sh b/entrypoint.sh
index 5b95d3c..a02efa8 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -98,10 +98,7 @@ if [ $vulnType ] && [ "$scanType" != "config" ];then
 ARGS="$ARGS --vuln-type $vulnType"
 SARIF_ARGS="$SARIF_ARGS --vuln-type $vulnType"
 fi
-if [ $securityChecks ] && [ "$scanType" == "fs" ];then
- ARGS="$ARGS --security-checks $securityChecks"
-fi
-if [ $securityChecks ] && [ "$scanType" == "repo" ];then
+if [ $securityChecks ];then
 ARGS="$ARGS --security-checks $securityChecks"
 fi
 if [ $severity ];then
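Review bot: In the entrypoint.sh hunk the now-unconditional block appends `--security-checks` to `ARGS` only, while the `--vuln-type` block directly above it appends to both `ARGS` and `SARIF_ARGS`. If `SARIF_ARGS` drives a separate SARIF run (its use is outside this hunk), that report would be built with Trivy's default checks rather than the ones the user selected, so adding `SARIF_ARGS="$SARIF_ARGS --security-checks $securityChecks"` inside the block looks warranted. Dropping the scan-type guard also means the flag is now passed when `scanType` is `config`, which the `--vuln-type` block explicitly excludes; it is worth confirming that `trivy config` accepts it. Separately, `[ $securityChecks ]` is unquoted, so an input containing a space such as `vuln, secret` makes the test fail with an error and the scan proceeds without the requested checks; `if [ -n "$securityChecks" ];then` avoids that. The `if [ $severity ];then` block that follows continues past the end of the hunk.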