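# Example workflow: scan an artifact with the Amazon Inspector GitHub Action,
# print the results, upload them as a job artifact, and expose a threshold flag.
name: Display Findings Example

# Run once per day and on git push
on:
  schedule:
    - cron: '0 0 * * *'
  push:
    branches:
      - '*'

# Least-privilege GITHUB_TOKEN: no step below writes to the repository.
# If you switch the AWS step to OIDC (role-to-assume only), add `id-token: write`.
permissions:
  contents: read

jobs:
  daily_job:
    runs-on: ubuntu-latest
    environment:
      name: plugin-development  # change this to match your GitHub Secrets environment
    steps:
      # modify this block based on how you authenticate to AWS.
      # Supplying access keys together with role-to-assume makes the action call
      # AssumeRole with those keys; a web-identity (OIDC) role needs no long-lived keys.
      # Prefer pinning third-party actions to a full commit SHA over a moving major tag.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: ${{ secrets.AWS_REGION }}
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          role-to-assume: ${{ secrets.AWS_IAM_ROLE }}

      # modify this block to scan your intended artifact
      - name: Inspector Scan
        id: inspector
        uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1
        with:
          # change artifact_type to either 'repository', 'container', 'binary', or 'archive'.
          # this example scans a container image
          artifact_type: 'container'
          # change artifact_path to the file path or container image you would like to scan.
          # For containers, this action accepts 'docker pull'-style references to containers,
          # such as 'alpine:latest' or a file path to an image exported as TAR using docker save.
          artifact_path: 'ubuntu:14.04'
          # If enabled, this setting will display Inspector's vulnerability scan findings
          # as a GitHub actions job summary. See here for an example summary:
          # https://github.com/aws-actions/vulnerability-scan-github-action-for-amazon-inspector/actions/runs/8800085041
          display_vulnerability_findings: "enabled"
          # Set vulnerability thresholds; if the number of vulnerabilities is
          # equal to or greater than any of the specified thresholds, this
          # action will set the 'vulnerability_threshold_exceeded'
          # output flag to 1.
          critical_threshold: 1
          high_threshold: 1
          medium_threshold: 1
          low_threshold: 1
          other_threshold: 1
          # "latest" is not reproducible; pin a specific sbomgen version for stable results.
          sbomgen_version: "latest"
          # Additional input arguments are available.
          # See 'action.yml' for additional input/output options.

      # The following steps illustrate how to
      # display scan results in the GitHub Actions job terminal.
      # These examples simply print the output files to the console.
      # The outputs are file paths produced by the scan step; they are quoted so
      # the shell does not word-split them.
      - name: Display CycloneDX SBOM (JSON)
        run: cat "${{ steps.inspector.outputs.artifact_sbom }}"

      - name: Display Inspector vulnerability scan results (JSON)
        run: cat "${{ steps.inspector.outputs.inspector_scan_results }}"

      - name: Display Inspector vulnerability scan results (CSV)
        run: cat "${{ steps.inspector.outputs.inspector_scan_results_csv }}"

      - name: Display Inspector vulnerability scan results (Markdown)
        run: cat "${{ steps.inspector.outputs.inspector_scan_results_markdown }}"

      # The following steps illustrate how to
      # upload scan results as a GitHub actions job artifact
      - name: Upload Scan Results
        uses: actions/upload-artifact@v4
        with:
          name: Inspector Vulnerability Scan Artifacts
          path: |
            ${{ steps.inspector.outputs.inspector_scan_results }}
            ${{ steps.inspector.outputs.inspector_scan_results_csv }}
            ${{ steps.inspector.outputs.artifact_sbom }}
            ${{ steps.inspector.outputs.inspector_scan_results_markdown }}

      # This step illustrates how to add custom logic if
      # the vulnerability threshold is exceeded. This example
      # simply prints the 'vulnerability_threshold_exceeded' value
      # to the GitHub actions job terminal.
      # Replace 'echo' with 'exit' if you want to fail the job
      # (the flag is 0 or 1, so 'exit' fails the job exactly when it is exceeded).
      - name: On vulnerability threshold exceeded
        run: echo "${{ steps.inspector.outputs.vulnerability_threshold_exceeded }}"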