{"id":18896202,"url":"https://github.com/tenable/container-security-action","last_synced_at":"2025-08-31T22:13:31.560Z","repository":{"id":37847979,"uuid":"355961866","full_name":"tenable/container-security-action","owner":"tenable","description":"Tenable's Container security  action which helps scan docker images.","archived":false,"fork":false,"pushed_at":"2024-09-29T07:33:53.000Z","size":42,"stargazers_count":6,"open_issues_count":26,"forks_count":6,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-15T01:51:27.464Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tenable.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2021-04-08T15:32:24.000Z","updated_at":"2023-05-08T05:00:54.000Z","dependencies_parsed_at":"2022-06-22T20:59:24.030Z","dependency_job_id":"8d68914f-4ac2-4adf-a2b1-2012066fe94b","html_url":"https://github.com/tenable/container-security-action","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/tenable/container-security-action","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tenable%2Fcontainer-security-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tenable%2Fcontainer-security-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tenable%2Fcontainer-security-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/rep
ositories/tenable%2Fcontainer-security-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tenable","download_url":"https://codeload.github.com/tenable/container-security-action/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tenable%2Fcontainer-security-action/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":273047146,"owners_count":25036301,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-31T02:00:09.071Z","response_time":79,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-08T08:32:53.378Z","updated_at":"2025-08-31T22:13:31.544Z","avatar_url":"https://github.com/tenable.png","language":"Python","funding_links":[],"categories":["Python"],"sub_categories":[],"readme":"# container-security-action\nTenable's Container security action ![Build](https://github.com/tenable/container-security-action/actions/workflows/main.yml/badge.svg)\n\nThis action can be used to trigger a container security scan for your build images. The user must have a Tenable.io account and also a license for container security. The action will upload the image to the tenable registry which kicks off the scan. 
The detailed results for each scan can be found within the container security dashboard on Tenable.io.\nUsers can specify thresholds within their workflows to enforce SLAs.\n\n### Example workflow\n\n```yaml\nname: Test Container security workflow\non: [push, pull_request]\njobs:\n  build:\n    runs-on: ubuntu-latest\n    steps:\n      - name: Checkout\n        uses: actions/checkout@v2\n      - name: Set up QEMU\n        uses: docker/setup-qemu-action@v1\n      - name: Set up Docker Buildx\n        uses: docker/setup-buildx-action@v1\n      - name: Build\n        uses: docker/build-push-action@v2\n        with:\n            context: .\n            push: false\n            tags: user/app:latest\n            load: true\n      - name: Runs the container security scan\n        uses: tenable/container-security-action@v0\n        id: consec\n        with:\n          repo_name: user/app\n          tag_name: latest\n        env:\n          ACCESS_KEY: ${{ secrets.ACCESS_KEY }}\n          SECRET_KEY: ${{ secrets.SECRET_KEY }}\n```\n\n### Inputs\n\n| Input                                             | Description                                        |\n|------------------------------------------------------|-----------------------------------------------|\n| `repo_name`  | Repository name of the built image, e.g. user/app   |\n| `tag_name`   | Tag name associated with the image   |\n| `check_thresholds` _(optional)_  | Whether the action should check results against the set thresholds  |\n| `risk_threshold` _(optional)_  | Risk threshold to be checked based on the risk score of the image  |\n| `findings_threshold` _(optional)_  | Findings threshold to be checked based on the number of vulnerabilities found in the image |\n| `malware_threshold` _(optional)_  | Malware threshold to be checked based on the number of malware findings in the image |\n\n### Outputs\n\n| Output                                             | Description                                        
|\n|------------------------------------------------------|-----------------------------------------------|\n| `risk_score`  | Risk score given to the image after the scan |\n| `number_of_findings`  | Number of vulnerabilities found in the image |\n| `number_of_malware_findings`  | Number of malware findings in the image |\n| `cve_info`  | CVE information listing all the CVEs found along with the risk |\n\n\n### Providing secrets\nThe Tenable.io access key and secret key need to be set in your repository secrets and passed to the action as follows:\n```yaml\n    env:\n        ACCESS_KEY: ${{ secrets.ACCESS_KEY }}\n        SECRET_KEY: ${{ secrets.SECRET_KEY }}\n```\nThe action uses these secrets to push the image to the tenable registry and to get the scan results. The access and secret key can be \ngenerated by accessing `Tenable.io -\u003e Settings -\u003e My Account -\u003e API Keys -\u003e Generate`. It is important that these keys are not shared publicly.\n\n### Using outputs\n\nThe outputs can be accessed as follows:\n\n```yaml\n    - name: Gets the risk score\n      run: echo \"The risk score ${{ steps.consec.outputs.risk_score }}\"\n    - name: Gets the risk scores for cves\n      run: echo \"The cve information is ${{ steps.consec.outputs.cve_info }}\"\n```\n\n### License\nThe project is licensed under the MIT license.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftenable%2Fcontainer-security-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftenable%2Fcontainer-security-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftenable%2Fcontainer-security-action/lists"}