Initial commit

Author: homoluctus

.github/workflows/test.yml

@@ -0,0 +1,28 @@
+name: Test my typescript action
+
+on:
+  pull_request:
+  push:
+    branches:
+      - master
+
+jobs:
+  test:
+    name: Test
+    runs-on: ubuntu-18.04
+    steps:
+    - uses: actions/checkout@v1
+
+    # - name: Test
+    #   run: npm run test
+
+    - name: Build
+      run: npm run build
+
+    - name: Pull docker image
+      run: docker pull alpine:3.10.3
+
+    - uses: ./
+      with:
+        token: ${{ github.GITHUB_TOKEN }}
+        image: alpine:3.10.3

.gitignore

@@ -0,0 +1,93 @@
+__tests__/runner/*
+
+# comment out in distribution branches
+node_modules/
+
+# Rest pulled from https://github.com/github/gitignore/blob/master/Node.gitignore
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+lerna-debug.log*
+
+# Diagnostic reports (https://nodejs.org/api/report.html)
+report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+*.lcov
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (https://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+jspm_packages/
+
+# TypeScript v1 declaration files
+typings/
+
+# TypeScript cache
+*.tsbuildinfo
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variables file
+.env
+.env.test
+
+# parcel-bundler cache (https://parceljs.org/)
+.cache
+
+# next.js build output
+.next
+
+# nuxt.js build output
+.nuxt
+
+# vuepress build output
+.vuepress/dist
+
+# Serverless directories
+.serverless/
+
+# FuseBox cache
+.fusebox/
+
+# DynamoDB Local files
+.dynamodb/

LICENSE

@@ -0,0 +1,22 @@
+
+The MIT License (MIT)
+
+Copyright (c) 2019 GitHub, Inc. and contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

README.md

@@ -0,0 +1,32 @@
+# Gitrivy
+
+![GitHub release (latest by date)](https://img.shields.io/github/v/release/homoluctus/gitrivy?color=brightgreen)
+![GitHub](https://img.shields.io/github/license/homoluctus/gitrivy?color=brightgreen)
+
+This is a GitHub Actions to scan vulnerability using [Trivy](https://github.com/aquasecurity/trivy).<br>
+
+## Usage
+
+## Example Workflow
+
+Detect your docker image vulnerability everyday at 9:00 (UTC).
+
+```yaml
+name: Vulnerability Scan
+
+on:
+  schedule:
+    - cron: '0 9 * * *'
+
+jobs:
+  scan:
+    name: Daily Vulnerability Scan
+    runs-on: ubuntu-18.04
+    steps:
+      - name: Pull docker image
+        run: docker pull sample
+
+      - uses: homoluctus/[email protected]
+        with:
+          image: sample
+```

action.yml

@@ -0,0 +1,51 @@
+name: 'Scan docker image vulnerability using Trivy'
+description: 'Scan docker image vulnerability and create issue'
+author: 'homoluctus'
+inputs:
+  token:
+    description: 'GitHub access token'
+    required: true
+  trivy_version:
+    description: 'Trivy version'
+    default: 'latest'
+    required: false
+  image:
+    description: 'The target image name of vulnerability scan'
+    required: true
+  severity:
+    description: 'sevirities of vulunerabilities (separeted by commma)'
+    default: 'HIGH,CRITICAL'
+    required: false
+  vuln_type:
+    description: 'target vlunerability [os,library] (separeted by commma)'
+    default: 'os,library'
+    required: false
+  ignore_unfixed:
+    description: 'Ignore unfixed vulnerabilities [true, false]'
+    default: 'false'
+    required: false
+  issue_title:
+    description: 'Issue title'
+    default: 'Security Alert'
+    required: false
+  issue_label:
+    description: 'Issue label (separeted by commma)'
+    default: 'trivy,vulnerability'
+    required: false
+  issue_assignee:
+    description: 'Issue assignee (separeted by commma)'
+    required: false
+
+outputs:
+  issue_number:
+    description: 'The created issue number'
+  html_url:
+    description: 'The URL to view the issue'
+
+runs:
+  using: 'node12'
+  main: 'dist/index.js'
+
+branding:
+  icon: 'search'
+  color: 'blue'