{"id":15090161,"url":"https://github.com/xeol-io/xeol-action","last_synced_at":"2025-04-11T20:32:11.571Z","repository":{"id":65584454,"uuid":"594887203","full_name":"xeol-io/xeol-action","owner":"xeol-io","description":"End-of-life (EOL) container analysis and scanning provided as a GitHub Action using https://github.com/xeol-io/xeol","archived":false,"fork":false,"pushed_at":"2024-10-23T07:09:00.000Z","size":959,"stargazers_count":13,"open_issues_count":4,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-10T11:35:17.019Z","etag":null,"topics":["actions","end-of-life","github-actions","outdated-packages","xeol"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/xeol-io.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-01-29T23:16:10.000Z","updated_at":"2024-05-20T15:32:02.000Z","dependencies_parsed_at":"2023-10-10T14:32:28.181Z","dependency_job_id":"bd40e8be-18ef-4950-9908-481fd6452ba5","html_url":"https://github.com/xeol-io/xeol-action","commit_stats":{"total_commits":32,"total_committers":4,"mean_commits":8.0,"dds":0.21875,"last_synced_commit":"2ea356743757e33f90788adcf37c87aef33e08ba"},"previous_names":["noqcks/xeol-action"],"tags_count":15,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xeol-io%2Fxeol-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xeol-io%2Fxeol-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xeol-io%2Fxeol-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xeol-io%2Fxeol-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/xeol-io","download_url":"https://codeload.github.com/xeol-io/xeol-action/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248476410,"owners_count":21110275,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["actions","end-of-life","github-actions","outdated-packages","xeol"],"created_at":"2024-09-25T09:22:47.816Z","updated_at":"2025-04-11T20:32:06.556Z","avatar_url":"https://github.com/xeol-io.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# GitHub Action for End-of-Life (EOL) Scanning\n\n[![Test Status][test-img]][test]\n[![GitHub release](https://img.shields.io/github/release/xeol-io/xeol-action.svg)](https://github.com/xeol-io/xeol-action/releases/latest)\n[![License: MIT](https://img.shields.io/github/license/xeol-io/xeol-action)](https://img.shields.io/github/license/xeol-io/xeol-action)\n\nFind End-of-life (EOL) software in files or containers\n\n![image](https://user-images.githubusercontent.com/4740147/215561344-5c5bba89-c4a4-4c72-ad71-58c48d5e41d6.png)\n\nThis is a GitHub Action for invoking the [Xeol](https://github.com/xeol-io/xeol) scanner and returning the end-of-life (EOL) packages. You can set it to fail pipelines when\nEOL software is found by setting the `fail-build` input to `true`.\n\nUse this in your workflows to quickly verify files or containers' content after a build and before pushing, allowing PRs, or deploying updates.\n\nThe action invokes the `xeol` command-line tool, with these benefits:\n\n- Runs locally, without sending data outbound - no credentials required!\n- Speedy scan operations\n- Scans both paths and container images\n\nBy default, a scan will produce very detailed output on system packages like an RPM or DEB, but also language-based packages. These are some of the supported packages and libraries:\n\nSupported Linux Distributions:\n\n- Alpine\n- BusyBox\n- CentOS and RedHat\n- Debian and Debian-based distros like Ubuntu\n\nSupported packages and libraries:\n\n- Ruby Bundles\n- Python Wheel, Egg, `requirements.txt`\n- JavaScript NPM/Yarn\n- Java JAR/EAR/WAR, Jenkins plugins JPI/HPI\n- Go modules\n\n## Container scanning\n\nThe simplest workflow for scanning a `localbuild/testimage` container:\n\n```yaml\n- name: Set up Docker Buildx\n  uses: docker/setup-buildx-action@v1\n\n- name: build local container\n  uses: docker/build-push-action@v2\n  with:\n    tags: localbuild/testimage:latest\n    push: false\n    load: true\n\n- name: Scan image\n  uses: xeol-io/xeol-action@v1.0.7\n  with:\n    image: \"localbuild/testimage:latest\"\n```\n\n## Directory scanning\n\nTo scan a directory, add the following step:\n\n```yaml\n- name: Scan current project\n  uses: xeol-io/xeol-action@v1.0.7\n  with:\n    path: \".\"\n```\n\nThe `path` key allows any valid path for the current project. The root of the path (`\".\"` in this example) is the repository root.\n\n## Scanning an SBOM file\n\nUse the `sbom` key to scan an SBOM file:\n\n```yaml\n- name: Create SBOM\n  uses: anchore/sbom-action@v0\n  with:\n    format: spdx-json\n    output-file: \"${{ github.event.repository.name }}-sbom.spdx.json\"\n\n- name: Scan SBOM\n  uses: xeol-io/xeol-action@v1.0.7\n  with:\n    sbom: \"${{ github.event.repository.name }}-sbom.spdx.json\"\n```\n\n## Failing a build on EOL package found\n\nBy default, the action will fail if it finds any out-of-date software.\n\nYou change the `fail-build` field to `false` to avoid failing the build in the case that an out-of-date package is found:\n\n```yaml\n- name: Scan image\n  uses: xeol-io/xeol-action@v1.0.7\n  with:\n    image: \"localbuild/testimage:latest\"\n    fail-build: false\n```\n\n### Action Inputs\n\nThe inputs `image`, `path`, and `sbom` are mutually exclusive to specify the source to scan; all the other keys are optional. These are all the available keys to configure this action, along with the defaults:\n\n| Input Name          | Description                                                                                                                                                                                                                                                      | Default Value |\n| ------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- |\n| `image`             | The image to scan                                                                                                                                                                                                                                                | N/A           |\n| `path`              | The file path to scan                                                                                                                                                                                                                                            | N/A           |\n| `sbom`              | The SBOM to scan                                                                                                                                                                                                                                                 | N/A           |\n| `registry-username` | The registry username to use when authenticating to an external registry                                                                                                                                                                                         |               |\n| `registry-password` | The registry password to use when authenticating to an external registry                                                                                                                                                                                         |               |\n| `fail-build`        | Fail the build if an end-of-life (EOL) software is found                                                                                                                   | `false`        |\n| `api-key`        | The API key to use to send results to xeol.io                                                                                                                   | N/A        |\n| `output-format`     | Set the output parameter after successful action execution. Valid choices are `json`, and `table`, where `table` output will print to the console instead of generating a file.                                                                         | `table`       |\n\n\n### Action Outputs\n\n| Output Name | Description                                                  | Type   |\n| ----------- | ------------------------------------------------------------ | ------ |\n| `report`      | Path to the report file , if `output-format` is `json`       | string |\n\n### Example Workflow\n\nAssuming your repository has a Dockerfile in the root directory:\n\n```yaml\nname: Container Image CI\non: [push]\njobs:\n  build:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v2\n      - name: Build the container image\n        run: docker build . --file Dockerfile --tag localbuild/testimage:latest\n      - uses: xeol-io/xeol-action@v1.0.7\n        with:\n          image: \"localbuild/testimage:latest\"\n          fail-build: true\n```\n\n## xeol-io/xeol-action/download-xeol\n\nA sub-action to [download Xeol](download-xeol/action.yml).\n\nInput parameters:\n\n| Parameter       | Description                                                                                                  | Default |\n| --------------- | ------------------------------------------------------------------------------------------------------------ | ------- |\n| `xeol-version` | An optional Xeol version to download, defaults to the pinned version in [XeolVersion.js](XeolVersion.js). |         |\n\nOutput parameters:\n\n| Parameter | Description                                                          |\n| --------- | -------------------------------------------------------------------- |\n| `cmd`     | a reference to the [Xeol](https://github.com/xeol-io/xeol) binary. |\n\n`cmd` can be referenced in a workflow like other output parameters:\n`${{ steps.\u003cstep-id\u003e.outputs.cmd }}`\n\nExample usage:\n\n```yaml\n- uses: xeol-io/xeol-action/download-xeol@v3\n  id: xeol\n- run: ${{steps.xeol.outputs.cmd}} dir:.\n```\n\n## Contributing\n\nWe love contributions, feedback, and bug reports. For issues with the invocation of this action, file [issues](https://github.com/xeol-io/xeol-action/issues) in this repository.\n\nFor contributing, see [Contributing](CONTRIBUTING.md).\n\n## More Information\n\nFor documentation on Xeol itself, including other output capabilities, see the [xeol project](https://github.com/xeol-io/xeol)\n\n[test]: https://github.com/xeol-io/xeol-action\n[test-img]: https://github.com/xeol-io/xeol-action/workflows/Tests/badge.svg\n\n## Diagnostics\n\nThis action makes extensive use of GitHub Action debug logging,\nwhich can be enabled as [described here](https://github.com/actions/toolkit/blob/master/docs/action-debugging.md)\nby setting a secret in your repository of `ACTIONS_STEP_DEBUG` to `true`.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxeol-io%2Fxeol-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fxeol-io%2Fxeol-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxeol-io%2Fxeol-action/lists"}