GitHub Action
Trivy Action
v3
Latest version
This is a GitHub Actions to scan vulnerability using Trivy.
If vulnerabilities are found by Trivy, it creates the following GitHub Issue.
- Scan vulnerability used by Trivy
- Create or Update GitHub Issue if vulnerabilities found
- Customize Issue title, label and assignee
- Issue body is generated by template parameter
Parameter | Required | Default Value | Description |
---|---|---|---|
token | True | N/A | GitHub Access Token. ${{ secrets.GITHUB_TOKEN }} is recommended. |
image | True | N/A | The target image name to scan the vulnerability Specify this parameter or IMAGE_NAME environment variable |
trivy_version | False | latest | Trivy version |
severity | False | HIGH,CRITICAL | Severities of vulnerabilities (separated by commma) |
vuln_type | False | os,library | Scan target are os and / or library (separated by commma) |
ignore_unfixed | False | false | Ignore unfixed vulnerabilities Please specify true or false |
template | False | N/A | Path to template file This parameter equals trivy --template option By default, it uses src/default.tpl which is based on contrib/html.tpl reference: Report Formats - Trivy |
issue_title | False | Security Alert | Issue title |
issue_label | False | trivy,vulnerability | Issue label (separated by commma) |
issue_assignee | False | N/A | Issue assignee (separated by commma) |
fail_on_vulnerabilities | False | false | Whether the action should fail if any vulnerabilities were found. |
Parameter | Description |
---|---|
html_url | The URL to view the issue |
issue_number | The created issue number |
Detect your docker image vulnerability everyday at 9:00 (UTC).
name: Vulnerability Scan
on:
schedule:
- cron: '0 9 * * *'
jobs:
scan:
name: Daily Vulnerability Scan
runs-on: ubuntu-latest
steps:
- name: Pull docker image
run: docker pull sample
- uses: lazy-actions/gitrivy@v3
with:
token: ${{ secrets.GITHUB_TOKEN }}
image: sample