Modify creating issue is optional

Author: homoluctus

action.yml

@@ -2,9 +2,6 @@ name: 'Trivy Action'
 description: 'Scan docker image vulnerability using Trivy and create GitHub Issue'
 author: 'homoluctus'
 inputs:
-  token:
-    description: 'GitHub access token'
-    required: true
   trivy_version:
     description: 'Trivy version'
     default: 'latest'
@@ -24,6 +21,13 @@ inputs:
     description: 'Ignore unfixed vulnerabilities [true, false]'
     default: 'false'
     required: false
+  issue:
+      description: 'Decide whether to create a issue when vulnerabilities are found [true, false]'
+      default: 'true'
+      required: false
+  token:
+    description: 'GitHub access token used to create a issue'
+    required: false
   issue_title:
     description: 'Issue title'
     default: 'Security Alert'

src/index.ts

@@ -10,31 +10,42 @@ import {
 
 async function run() {
   try {
-    const token: string = core.getInput('token', { required: true });
     const trivyVersion: string = core
       .getInput('trivy_version')
       .replace(/^v/, '');
     const image: string | undefined =
       core.getInput('image') || process.env.IMAGE_NAME;
+    const issueFlag: boolean = core.getInput('issue').toLowerCase() == 'true';
 
     if (image === undefined || image === '') {
       throw new Error('Please specify scan target image name');
     }
 
-    const trivyOptions: TrivyOption = {
+    const trivyOption: TrivyOption = {
       severity: core.getInput('severity').replace(/\s+/g, ''),
       vulnType: core.getInput('vuln_type').replace(/\s+/g, ''),
       ignoreUnfixed: core.getInput('ignore_unfixed').toLowerCase() === 'true',
+      format: issueFlag ? 'json' : 'table',
     };
 
     const downloader = new Downloader();
     const trivyCmdPath: string = await downloader.download(trivyVersion);
-    const result: Vulnerability[] = Trivy.scan(
+    const result: Vulnerability[] | string = Trivy.scan(
       trivyCmdPath,
       image,
-      trivyOptions
+      trivyOption
     );
-    const issueContent: string = Trivy.parse(result);
+
+    if (!issueFlag) {
+      core.info(
+        `Not create a issue because issue parameter is false.
+        Vulnerabilities:
+        ${result}`
+      );
+      return;
+    }
+
+    const issueContent: string = Trivy.parse(result as Vulnerability[]);
 
     if (issueContent === '') {
       core.info(
@@ -43,7 +54,7 @@ async function run() {
       return;
     }
 
-    const issueOptions: IssueOption = {
+    const issueOption: IssueOption = {
       title: core.getInput('issue_title'),
       body: issueContent,
       labels: core
@@ -55,7 +66,8 @@ async function run() {
         .replace(/\s+/g, '')
         .split(','),
     };
-    const output: IssueResponse = await createIssue(token, issueOptions);
+    const token: string = core.getInput('token', { required: true });
+    const output: IssueResponse = await createIssue(token, issueOption);
     core.setOutput('html_url', output.htmlUrl);
     core.setOutput('issue_number', output.issueNumber.toString());
   } catch (error) {

src/interface.ts

@@ -14,6 +14,7 @@ export interface TrivyOption {
   severity: string;
   vulnType: string;
   ignoreUnfixed: boolean;
+  format: string;
 }
 
 export interface Vulnerability {

src/trivy.ts

@@ -123,7 +123,7 @@ export class Trivy {
     trivyPath: string,
     image: string,
     option: TrivyOption
-  ): Vulnerability[] {
+  ): Vulnerability[] | string {
     Trivy.validateOption(option);
 
     const args: string[] = [
@@ -132,22 +132,21 @@ export class Trivy {
       '--vuln-type',
       option.vulnType,
       '--format',
-      'json',
+      option.format,
       '--quiet',
       '--no-progress',
     ];
 
-    if (option.ignoreUnfixed) {
-      args.push('--ignore-unfixed');
-    }
-
+    if (option.ignoreUnfixed) args.push('--ignore-unfixed');
     args.push(image);
+
     const result: SpawnSyncReturns<string> = spawnSync(trivyPath, args, {
       encoding: 'utf-8',
     });
 
     if (result.stdout && result.stdout.length > 0) {
-      const vulnerabilities: Vulnerability[] = JSON.parse(result.stdout);
+      const vulnerabilities: Vulnerability[] | string =
+        option.format === 'json' ? JSON.parse(result.stdout) : result.stdout;
       if (vulnerabilities.length > 0) {
         return vulnerabilities;
       }
@@ -185,7 +184,6 @@ export class Trivy {
       }
       issueContent += `${vulnTable}\n\n`;
     }
-    console.debug(issueContent);
     return issueContent;
   }