An open API service indexing awesome lists of open source software.

https://github.com/lazy-actions/gitrivy

GitHub Issue + Trivy Action
docker github-actions security trivy typescript


# Gitrivy (GitHub Issue + Trivy Action)

![GitHub Workflow Status](https://img.shields.io/github/workflow/status/lazy-actions/gitrivy/Build)
![GitHub Workflow Status](https://img.shields.io/github/workflow/status/lazy-actions/gitrivy/Integration%20Test?label=Integration%20Test)
![GitHub Workflow Status](https://img.shields.io/github/workflow/status/lazy-actions/gitrivy/Unit%20Test?label=Unit%20Test)
![GitHub release (latest by date)](https://img.shields.io/github/v/release/homoluctus/gitrivy?color=brightgreen&include_prereleases)
![LICENSE](https://img.shields.io/github/license/homoluctus/gitrivy?color=brightgreen)

This is a GitHub Action that scans for vulnerabilities using [Trivy](https://github.com/aquasecurity/trivy).

If Trivy finds vulnerabilities, the action creates a GitHub Issue like the one below.

![image](./assets/img/issue.png)

## Feature

- Scan for vulnerabilities with Trivy
- Create or update a GitHub Issue if vulnerabilities are found
- Customize the issue title, labels and assignees
- Generate the issue body from a template (`template` parameter)

## Inputs

|Parameter|Required|Default Value|Description|
|:--:|:--:|:--:|:--|
|token|True|N/A|GitHub Access Token. `${{ secrets.GITHUB_TOKEN }}` is recommended.|
|image|True|N/A|The target image name to scan for vulnerabilities. Specify this parameter or the `IMAGE_NAME` environment variable.|
|trivy_version|False|latest|Trivy version|
|severity|False|HIGH,CRITICAL|Severities of vulnerabilities to report (comma-separated)|
|vuln_type|False|os,library|Scan targets: `os` and/or `library` (comma-separated)|
|ignore_unfixed|False|false|Ignore vulnerabilities that have no fix available yet. Specify `true` or `false`.|
|template|False|N/A|Path to a template file; equivalent to the `trivy --template` option. By default, src/default.tpl is used, which is based on [contrib/html.tpl](https://github.com/aquasecurity/trivy/blob/main/contrib/html.tpl). Reference: [Report Formats - Trivy](https://aquasecurity.github.io/trivy/v0.18.3/examples/report/#template)|
|issue_title|False|Security Alert|Issue title|
|issue_label|False|trivy,vulnerability|Issue labels (comma-separated)|
|issue_assignee|False|N/A|Issue assignees (comma-separated)|
|fail_on_vulnerabilities|False|false|Whether the action should fail if any vulnerabilities were found.|

## Outputs

|Parameter|Description|
|:--:|:--|
|html_url|The URL to view the issue|
|issue_number|The created issue number|

## Example

Scan your Docker image for vulnerabilities every day at 9:00 (UTC).

```yaml
name: Vulnerability Scan

on:
  schedule:
    - cron: '0 9 * * *'

jobs:
  scan:
    name: Daily Vulnerability Scan
    runs-on: ubuntu-latest
    steps:
      - name: Pull docker image
        run: docker pull sample

      - uses: lazy-actions/gitrivy@v3
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          image: sample
```
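The following workflow is an added example, not part of the gitrivy README, that exercises more of the inputs and outputs documented above: it scans a freshly built image, reports only CRITICAL findings that already have a fix, and then records where the resulting issue lives. It assumes a `Dockerfile` at the repository root and uses `example-app:ci` as a placeholder image name. The `permissions` block is standard GitHub Actions syntax; it grants the job's `GITHUB_TOKEN` the issue-write scope the action needs when the repository's default token permissions are read-only.

```yaml
name: Vulnerability Scan (extended example)

on:
  push:
    branches: [main]
  schedule:
    - cron: '0 9 * * *'

jobs:
  scan:
    name: Scan image and track findings in an issue
    runs-on: ubuntu-latest
    # Least privilege for GITHUB_TOKEN: the action only needs to create/update issues.
    permissions:
      contents: read
      issues: write
    steps:
      - uses: actions/checkout@v3

      # Placeholder image built from the repository's Dockerfile (assumption).
      - name: Build the image to be scanned
        run: docker build -t example-app:ci .

      - name: Scan with Trivy and open or update an issue
        id: gitrivy
        uses: lazy-actions/gitrivy@v3
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          image: example-app:ci
          # Report only the most severe findings that a package update can actually fix.
          severity: CRITICAL
          ignore_unfixed: true
          vuln_type: os,library
          issue_title: Security Alert (example-app)
          issue_label: trivy,vulnerability,example-app
          # Keep the job green so the outputs below are available; set to true to
          # turn findings into a failing check instead.
          fail_on_vulnerabilities: false

      # Read the action's documented outputs through env vars rather than
      # interpolating them directly into the shell command.
      - name: Report where the findings were recorded
        env:
          ISSUE_NUMBER: ${{ steps.gitrivy.outputs.issue_number }}
          ISSUE_URL: ${{ steps.gitrivy.outputs.html_url }}
        run: |
          if [ -n "$ISSUE_NUMBER" ]; then
            echo "Findings tracked in issue #$ISSUE_NUMBER: $ISSUE_URL"
          else
            echo "No issue created or updated by this run"
          fi
```

Switching `fail_on_vulnerabilities` to `true` makes the scan step itself fail on findings, which is the right setting when the workflow gates a pull request; the scheduled daily run above keeps it `false` so that the issue is still created or updated and the follow-up step can read `issue_number` and `html_url`.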