{"id":27645903,"url":"https://github.com/vipulgupta2048/chps-scorer-github-action","last_synced_at":"2026-01-22T23:50:25.576Z","repository":{"id":289254513,"uuid":"970590128","full_name":"vipulgupta2048/chps-scorer-github-action","owner":"vipulgupta2048","description":"GitHub Action for chps-scorer","archived":false,"fork":false,"pushed_at":"2025-04-22T20:04:54.000Z","size":26,"stargazers_count":1,"open_issues_count":2,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-24T01:13:44.861Z","etag":null,"topics":["chps","container","cve","github-actions","security"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/vipulgupta2048.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-04-22T08:36:52.000Z","updated_at":"2025-04-22T20:04:58.000Z","dependencies_parsed_at":"2025-04-22T11:34:53.740Z","dependency_job_id":null,"html_url":"https://github.com/vipulgupta2048/chps-scorer-github-action","commit_stats":null,"previous_names":["vipulgupta2048/chps-scorer-github-action"],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vipulgupta2048%2Fchps-scorer-github-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vipulgupta2048%2Fchps-scorer-github-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vipulgupta2048%2Fchps-scorer-github-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vipulgupta2048%2Fchps-scorer-github-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/vipulgupta2048","download_url":"https://codeload.github.com/vipulgupta2048/chps-scorer-github-action/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250540916,"owners_count":21447427,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["chps","container","cve","github-actions","security"],"created_at":"2025-04-24T01:13:47.672Z","updated_at":"2026-01-22T23:50:25.521Z","avatar_url":"https://github.com/vipulgupta2048.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# CHPs Scorer GitHub Action\n\n[![GitHub Marketplace](https://img.shields.io/badge/Marketplace-CHPs%20Scorer-blue.svg?colorA=24292e\u0026colorB=0366d6\u0026style=flat\u0026longCache=true\u0026logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAA4AAAAOCAYAAAAfSC3RAAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAAM6wAADOsB5dZE0gAAABl0RVh0U29mdHdhcmUAd3d3Lmlua3NjYXBlLm9yZ5vuPBoAAAERSURBVCiRhZG/SsMxFEZPfsVJ61jbxaF0cRQRcRJ9hlYn30IHN/+9iquDCOIsblIrOjqKgy5aKoJQj4O3EEtbPwhJbr6Te28CmdSKeqzeqr0YbfVIrTBKakvtOl5dtTkK+v4HfA9PEyBFCY9AGVgCBLaBp1jPAyfAJ/AAdIEG0dNAiyP7+K1qIfMdonZic6+WJoBJvQlvuwDqcXadUuqPA1NKAlexbRTAIMvMOCjTbMwl1LtI/6KWJ5Q6rT6Ht1MA58AX8Apcqqt5r2qhrgAXQC3CZ6i1+KMd9TRu3MvA3aH/fFPnBodb6oe6HM8+lYHrGdRXW8M9bMZtPXUji69lmf5Cmamq7quNLFZXD9Rq7v0Bpc1o/tp0fisAAAAASUVORK5CYII=)](https://github.com/marketplace/actions/chps-scorer)\n\nGitHub Action to run automated security checks on container images according to [CHPs specification](https://github.com/chps-dev/chps) (Container Hardening Points).\n\nThis action assesses container images against multiple security vectors and gives them a grade (A+ to E) based on their:\n- Minimalism (image size, layer count, etc.)\n- Provenance (build sources, signatures, etc.)\n- Configuration (user, permissions, etc.)\n- CVE vulnerabilities\n\nWhen used in conjunction with [Create Issue From File](https://github.com/peter-evans/create-issue-from-file), issues will be opened when the action finds security problems (make sure to specify the `issues: write` permission in the [workflow](https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#permissions) or the [job](https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_idpermissions)).\n\n## Usage\n\nHere is a full example of a GitHub workflow file:\n\nThis workflow will scan your container images once every day and create an issue if security issues are found. Save this under `.github/workflows/chps-scorer.yml`:\n\n```yaml\nname: \"CHPs Container Security Check\"\n\non:\n  repository_dispatch:\n  workflow_dispatch:\n  schedule:\n    - cron: \"00 18 * * *\"\n\njobs:\n  chps-scorer:\n    runs-on: ubuntu-latest\n    permissions:\n      issues: write # required for peter-evans/create-issue-from-file\n    steps:\n      - uses: actions/checkout@v4\n\n      - name: CHPs Security Check\n        id: chps-scorer\n        uses: vipulgupta2048/chps-scorer-github-action@v1\n        with:\n          image: REPLACE_WITH:YOUR_IMAGE\n          dockerfile: ./Dockerfile\n\n      - name: Write CHPS Report to File\n          run: |\n            echo \"${{ steps.chps-score.outputs.output }}\" \u003e chps-report.md\n\n      - name: Create Issue \n        uses: peter-evans/create-issue-from-file@v5\n        with:\n          title: Container Security Issues Detected\n          content-filepath: ./chps-report.md\n          labels: security, container, automated-issue\n```\n\n## Inputs\n\n| Input          | Required | Default | Description                                               |\n|----------------|----------|---------|-----------------------------------------------------------|\n| image          | Yes      | -       | Container image to scan (e.g., nginx:latest)              |\n| output-format  | No       | json    | Output format (options: json)                             |\n| skip-cves      | No       | false   | Skip CVE scanning                                         |\n| dockerfile     | No       | -       | Path to Dockerfile for additional checks                  |\n\n## Outputs\n\n| Output         | Description                                              |\n|----------------|----------------------------------------------------------|\n| output   | Whether findings should trigger an issue (true/false)    |\n\n## Examples\n\n### Basic scan of a public image\n\n```yaml\n- name: Scan nginx image\n  uses: vipulgupta2048/chps-scorer-github-action@v1\n  with:\n    image: nginx:latest\n```\n\n### Create a GitHub issue with the report\n\n```yaml\n- name: Scan custom image with Dockerfile\n  uses: vipulgupta2048/chps-scorer-github-action@v1\n  with:\n    image: my-custom-image:latest\n    dockerfile: ./path/to/Dockerfile\n\n- name: Write CHPS Report to File\n  run: |\n    echo \"${{ steps.chps-score.outputs.output }}\" \u003e chps-report.md\n\n- name: Create Issue from File\n  uses: peter-evans/create-issue-from-file@v4\n  with:\n    title: CHPS Security Findings\n    content-filepath: chps-report.md\n    labels: security, docker, chps-scorer\n```\n\nExample issue: https://github.com/vipulgupta2048/chps-scorer-github-action/issues/3\n\n\n### Skip CVE scanning for faster results\n\n```yaml\n- name: Quick scan without CVEs\n  uses: vipulgupta2048/chps-scorer-github-action@v1\n  with:\n    image: my-image:latest\n    skip-cves: true\n```\n\n\n## Security and Updates\n\nIt is recommended to pin the CHPs Scorer action to a fixed version for security reasons. You can use Dependabot to automatically keep your GitHub actions up-to-date. This is a great way to pin the action while still receiving updates.\n\nCreate a file named `.github/dependabot.yml` with the following contents:\n\n```yml\nversion: 2\nupdates:\n  - package-ecosystem: \"github-actions\"\n    directory: \".github/workflows\"\n    schedule:\n      interval: \"weekly\"\n```\n\nWhen you add or update the `dependabot.yml` file, this triggers an immediate check for version updates.\nSee [the documentation](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file) for all configuration options.\n\n### Security tip\n\nFor additional security when relying on automation to update actions, you can pin the action to a SHA-256 instead of the semver version to avoid tag spoofing. Dependabot will still be able to automatically update this.\n\nFor example:\n\n```yml\n- name: CHPs Security Check\n  uses: vipulgupta2048/chps-scorer-github-action@abcdef123456789abcdef123456789abcdef1234 # v1.0.0\n```\n\n## License\n\nThis action is licensed under the Apache License, Version 2.0.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvipulgupta2048%2Fchps-scorer-github-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvipulgupta2048%2Fchps-scorer-github-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvipulgupta2048%2Fchps-scorer-github-action/lists"}