Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/rennf93/parse-docker-scout-output
A GitHub Action designed to parse the output from Docker Scout.
Last synced: 1 day ago
- Host: GitHub
- URL: https://github.com/rennf93/parse-docker-scout-output
- Owner: rennf93
- License: mit
- Created: 2024-07-05T20:00:35.000Z (7 months ago)
- Default Branch: master
- Last Pushed: 2024-11-17T12:55:04.000Z (2 months ago)
- Last Synced: 2024-11-24T20:45:49.417Z (2 months ago)
- Topics: monitoring, reporting
- Language: Python
- Homepage:
- Size: 35.2 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# parse-docker-scout-output
`parse-docker-scout-output` is a GitHub Action designed to parse the output from Docker Scout. It processes Docker Scout's recommendations, CVEs, and SBOM outputs, and uploads the results as PDFs to your GitHub repository. This action is ideal for enhancing the visibility of Docker image security within your projects.
## Features
- Parses Docker Scout recommendations, CVEs, and SBOM outputs
- Uploads the results as PDFs to your GitHub repository
- Sets environment variables with the URLs of these images
## Outputs
This action does not produce direct outputs but uploads PDFs to the repository and sets environment variables with the URLs of these PDFs.
## Usage
To use this action in your workflow, add the following step:
```yaml
- name: Parse Docker Scout Output
  uses: rennf93/parse-docker-scout-output@v1
  with:
    PAT: ${{ secrets.PAT }}
    TARGET_REPO: ${{ secrets.TARGET_REPO }}
    TARGET_BRANCH: ${{ secrets.TARGET_BRANCH }}
    TARGET_FOLDER: ${{ secrets.TARGET_FOLDER }}
    RECOMMENDATIONS: ${{ steps.docker-scout.outputs.recommendations }}
    CVES_OUTPUT: ${{ steps.docker-scout.outputs.cves }}
    SBOM_OUTPUT: ${{ steps.docker-scout.outputs.sbom }}
    IMAGE_DETAILS: ${{ steps.docker-scout.outputs.image_details }}
```
## Inputs
| Input Name | Description | Required |
|--------------------|------------------------------------------|----------|
| `TARGET_REPO`| Target GitHub Repo to upload images to | true |
| `TARGET_BRANCH` | Target Repo's Branch to upload images to | true |
| `TARGET_FOLDER` | Folder in the repository to upload images to | true |
| `RECOMMENDATIONS` | Docker Scout recommendations HTML output | true |
| `CVES_OUTPUT` | Docker Scout CVEs HTML output | false |
| `SBOM_OUTPUT` | Docker Scout SBOM HTML output | false |
| `IMAGE_DETAILS` | Docker image details JSON | false |
| `PAT` | GitHub Personal Access Token for authentication | true |
## Example Workflow
Here is an example of how to integrate this action into a GitHub workflow:
```yaml
name: Example Workflow
on:
  push:
    branches:
      - main
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v2
      - name: Docker Scout Analysis
        id: docker-scout
        uses: docker/[email protected]
        with:
          command: cves,recommendations,compare,sbom
          image: :
      - name: Parse Docker Scout Output
        uses: rennf93/[email protected]
        with:
          PAT: ${{ secrets.PAT }}
          TARGET_REPO: ${{ secrets.TARGET_REPO }}
          TARGET_BRANCH: ${{ secrets.TARGET_BRANCH }}
          TARGET_FOLDER: ${{ secrets.TARGET_FOLDER }}
          RECOMMENDATIONS: ${{ steps.docker-scout.outputs.recommendations }}
          CVES_OUTPUT: ${{ steps.docker-scout.outputs.cves }}
          SBOM_OUTPUT: ${{ steps.docker-scout.outputs.sbom }}
          IMAGE_DETAILS: ${{ steps.docker-scout.outputs.image_details }}
```
## License
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.