-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathaction.yml
95 lines (94 loc) · 2.81 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
name: 'Dockle - Container Image Linter'
description: 'Scans container image configurations'
author: 'Tomoya AMACHI'
inputs:
image:
description: 'target container image name'
required: true
output:
description: 'output file name'
required: false
default: ''
exit-code:
description: 'exit code when alert were found'
required: false
default: '1'
exit-level:
description: 'change ABEND level when use exit-code=1'
required: false
default: 'warn'
format:
description: 'output format (list, json, sarif)'
required: false
default: 'list'
ignore:
description: 'comma-separated list of code'
required: false
default: ''
accept-key:
description: 'For CIS-DI-0010. You can add acceptable keywords. e.g) GPG_KEY,KEYCLOAK'
required: false
default: ''
accept-file:
description: 'For CIS-DI-0010. You can add acceptable file names. e.g) id_rsa,config.json'
required: false
default: ''
accept-file-extension:
description: 'For CIS-DI-0010. You can add acceptable file extensions. e.g) pem,log'
required: false
default: ''
sensitive-word:
description: 'For CIS-DI-0010. You can add sensitive keywords to look for. e.g) -ak api_password -sw keys'
required: false
quiet:
description: 'suppress log output'
required: false
no-color:
description: 'disabling color output'
required: false
timeout:
description: 'docker timeout. e.g) 5s, 5m...'
required: false
default: '10m'
use-xdg:
description: 'Docker daemon host file XDG_RUNTIME_DIR'
required: false
host:
description: 'docker daemon host'
required: false
authurl:
description: 'registry authenticate url'
required: false
username:
description: 'registry login username'
required: false
password:
description: 'registry login password. Using --password via CLI is insecure.'
required: false
insecure:
description: 'registry connect insecure'
required: false
runs:
using: 'docker'
image: 'Dockerfile'
env:
DOCKLE_IGNORES: ${{ inputs.ignore }}
DOCKLE_ACCEPT_KEYS: ${{ inputs.accept-key }}
DOCKLE_REJECT_KEYS: ${{ inputs.sensitive-word }}
DOCKLE_ACCEPT_FILES: ${{ inputs.accept-file }}
DOCKLE_ACCEPT_FILE_EXTENSIONS: ${{ inputs.accept-file-extension }}
NO_COLOR: ${{ inputs.no-color }}
DOCKLE_VERSION_CHECK: ${{ inputs.version-check }}
DOCKLE_TIMEOUT: ${{ inputs.timeout }}
USE_XDG: ${{ inputs.use-xdg }}
DOCKLE_HOST: ${{ inputs.host }}
DOCKLE_AUTH_URL: ${{ inputs.authurl }}
DOCKLE_USERNAME: ${{ inputs.username }}
DOCKLE_PASSWORD: ${{ inputs.password }}
DOCKLE_INSECURE: ${{ inputs.insecure }}
args:
- -t ${{ inputs.image }}
- -c ${{ inputs.exit-code }}
- -l ${{ inputs.exit-level }}
- -f ${{ inputs.format }}
- -o ${{ inputs.output }}