{"id":21359340,"url":"https://github.com/trendmicro/tmas-scan-action","last_synced_at":"2025-07-13T01:31:10.684Z","repository":{"id":151636462,"uuid":"619449600","full_name":"trendmicro/tmas-scan-action","owner":"trendmicro","description":"Vision One Container Security Scan Action","archived":false,"fork":false,"pushed_at":"2024-08-14T12:56:29.000Z","size":32,"stargazers_count":7,"open_issues_count":1,"forks_count":4,"subscribers_count":5,"default_branch":"main","last_synced_at":"2024-09-18T22:50:58.968Z","etag":null,"topics":["cloud","container","container-security","devsecops","github-actions","security","security-scanner","security-tools","vulnerability"],"latest_commit_sha":null,"homepage":"https://www.trendmicro.com/en_us/business/products/hybrid-cloud/cloud-one-container-image-security.html","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/trendmicro.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.pdf","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-03-27T06:59:42.000Z","updated_at":"2024-09-13T19:23:06.000Z","dependencies_parsed_at":"2024-08-14T14:13:14.499Z","dependency_job_id":null,"html_url":"https://github.com/trendmicro/tmas-scan-action","commit_stats":{"total_commits":16,"total_committers":2,"mean_commits":8.0,"dds":0.25,"last_synced_commit":"17e26d6bb21b4903786d6c34c170ff8dbcd63684"},"previous_names":["trendmicro/tmas-scan-action","trendmicro/cloudone-container-security-github-action"],"tags_count":12,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tr
endmicro%2Ftmas-scan-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trendmicro%2Ftmas-scan-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trendmicro%2Ftmas-scan-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trendmicro%2Ftmas-scan-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/trendmicro","download_url":"https://codeload.github.com/trendmicro/tmas-scan-action/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225849840,"owners_count":17534057,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cloud","container","container-security","devsecops","github-actions","security","security-scanner","security-tools","vulnerability"],"created_at":"2024-11-22T05:27:50.712Z","updated_at":"2024-11-22T05:27:51.379Z","avatar_url":"https://github.com/trendmicro.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# TMAS Scan Action\n\n![TM Logo](images/tm-logo.jpg)\n\n## Scan your containers with [Vision One Container Security](https://www.trendmicro.com/en_in/business/products/hybrid-cloud/cloud-one-container-image-security.html)\n\nThis tool is meant to be used as a [GitHub Action](https://github.com/features/actions).\n\n## Requirements\n\n* Have a [Vision One Account](https://signin.v1.trendmicro.com/). 
[Sign up for a free trial now](www.trendmicro.com/en_us/business/products/trials.html?modal=s1b-hero-vision-one-free-trial-c022c8#detection-response) if it's not already the case!\n* [A Vision One API Key](https://automation.trendmicro.com/xdr/Guides/First-Steps-Toward-Using-the-APIs) with a custom role that contains the permission `Run artifact scan`.\n* A Vision One Region of choice (ap-southeast-2, eu-central-1, ap-south-1, ap-northeast-1, ap-southeast-1, us-east-1)\n* A container image to be scanned.\n\n## Usage\n\nAdd an Action to your `.github/workflows` YAML file to scan your image with Vision One Container Security.\n\n```yml\n- name: Vision One Container Security Scan Action\n  uses: trendmicro/tmas-scan-action@version*\n  with:\n    # Mandatory\n    TMAS_API_KEY: ${{ secrets.TMAS_API_KEY }}\n    REGION: us-east-1\n    VULNERABILITY_SCAN: true\n    # Optional\n    SBOM: true # Saves SBOM to SBOM.json so you can export it as an artifact later.\n    MALWARE_SCAN: true # Enable malware scan.\n    SECRETS_SCAN: true # Enable secrets scan.\n    IMAGE: alpine # The image needs to be public, or the pipeline needs to have access to the private image of choice.\n    LOCAL_IMAGE_TARBALL: image.tar\n    # For each threshold below, select the maximum number of vulnerabilities that are acceptable.\n    MAX_TOTAL: 0\n    MAX_CRITICAL: 0\n    MAX_HIGH: 0\n    MAX_MEDIUM: 0\n    MAX_LOW: 0\n    MAX_NEGLIGIBLE: 0\n    MAX_UNKNOWN: 0\n    SCAN_RESULT_ARTIFACT: result.json # Save as an artifact in GitHub to be able to keep the result of the scan.\n```\n\n## Artifacts (Optional)\n\nArtifacts allow you to share data between jobs in a workflow and store data once that workflow has completed. In this case, saving the scan result and the container image SBOM as artifacts gives you proof of what happened in past scans. 
In the example below, you can add an extra action after the scan to keep the result of the scan as an artifact for 30 days:\n\n```yaml\n  - name: 'Upload Scan Result Artifact'\n    uses: actions/upload-artifact@v3\n    with:\n      name: scan-result\n      path: result.json\n      retention-days: 30\n  - name: 'Upload SBOM Artifact'\n    uses: actions/upload-artifact@v3\n    with:\n      name: sbom\n      path: SBOM.json\n      retention-days: 30\n```\n\n**Note**: By default, GitHub stores build logs and artifacts for 90 days, and this retention period can be customized. For more information, check the [GitHub Documentation](https://docs.github.com/en/actions/using-workflows/storing-workflow-data-as-artifacts).\n\n## Contributing\n\nIf you encounter a bug, think of a useful feature, or find something confusing in the docs, please [create a new issue](https://github.com/trendmicro/tmas-scan-action/issues/new)!\n\nWe :heart: pull requests. If you'd like to fix a bug, contribute to a feature or just correct a typo, please feel free to do so.\n\nIf you're thinking of adding a new feature, consider opening an issue first to discuss it to ensure it aligns with the direction of the project (and potentially save yourself some time!).\n\n## Support\n\nOfficial support from Trend Micro is not available. Individual contributors may be Trend Micro employees, but are not official support.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrendmicro%2Ftmas-scan-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftrendmicro%2Ftmas-scan-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrendmicro%2Ftmas-scan-action/lists"}