https://github.com/carlspring/mend-actions-signal-test
https://github.com/carlspring/mend-actions-signal-test
Last synced: 8 months ago
JSON representation
- Host: GitHub
- URL: https://github.com/carlspring/mend-actions-signal-test
- Owner: carlspring
- License: apache-2.0
- Created: 2025-02-25T21:31:38.000Z (over 1 year ago)
- Default Branch: master
- Last Pushed: 2025-09-08T13:24:29.000Z (9 months ago)
- Last Synced: 2025-09-08T15:26:17.821Z (9 months ago)
- Language: Python
- Size: 1.95 MB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 189
-
Metadata Files:
- Readme: README.md
- License: LICENSE.md
Awesome Lists containing this project
README
This is a set of Github Actions for the Mend.io CLI.
# List of Actions
## The `setup` Action
This Github Action is responsible for downloading and installing the Mend.io CLI.
Please note:
* This action is required to be run before any other Mend.io CLI actions.
* The version of the Mend.io CLI to be installed will be the latest available version from Mend.io, as the vendor
does not provide a versioned download link, nor do they provide historical versions.
## The `login` Action
This Github Action is responsible for logging in to the Mend.io website.
This action requires the following environment variables to be set in the invoking Github workflow in order to
be able to authenticate securely without storing the credentials on the file system:
```yaml
env:
MEND_URL: ${{ secrets.MEND_URL }}
MEND_ORGANIZATION: ${{ secrets.MEND_ORGANIZATION }}
MEND_ORGANIZATION_KEY: ${{ secrets.MEND_ORGANIZATION_KEY }}
MEND_USER_KEY: ${{ secrets.MEND_USER_KEY }}
MEND_EMAIL: ${{ secrets.MEND_EMAIL }}
```
Needless to say, the above secrets must also be defined as GitHub secrets in the repository settings.
## The `scan-dependencies` Action
This Github Action is responsible for carrying out a dependency scan and producing a report.
The following options are available:
| Input Parameter | Description | Default Value | Required |
|----------------------|------------------------------------------------------|---------------------|----------|
| `json_filename` | The JSON output filename for the scan results | `dependencies.json` | false |
| `sarif_filename` | The SARIF output filename for the scan results | `results.sarif` | false |
| `scope` | The scope for the scan results | n/a | true |
| `publish_to_mend` | Whether to publish the scan results to Mend.io | `true` | true |
## The `scan-docker` Action
This Github Action is responsible for carrying out a Docker image scan and producing a report.
The following options are available:
| Input Parameter | Description | Default Value | Required |
|----------------------|------------------------------------------------------|--------------------|----------|
| `docker-image` | The Docker image to scan | n/a | true |
| `exclude-licensing` | Exclude licensing information from the scan results | `false` | false |
| `format` | The format for the scan results | `sarif` | false |
| `filename` | The filename for the scan results | `results.sarif` | false |
| `scope` | The scope for the scan results | n/a | true |