Minor Fixes (#37)

* add --out-scan-markdown CLI arg

* change --out-scan-markdown to string from bool

* pass --display-vuln-findings as string

* write markdown report to disk

* testing

---------

Co-authored-by: Michael Long <[email protected]>

.github/workflows/example_display_findings.yml

@@ -26,7 +26,7 @@ jobs:
 
 
       # modify this block to scan your intended artifact
-      - name: Scan container
+      - name: Inspector Scan
         id: inspector
         uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@main
         with:
@@ -40,13 +40,14 @@ jobs:
           artifact_path: 'ubuntu:14.04'
 
           # If enabled, this setting will display Inspector's vulnerability scan findings
-          # as a GitHub actions job summary. See here for an example:
+          # as a GitHub actions job summary. See here for an example summary:
           # https://github.com/aws-actions/vulnerability-scan-github-action-for-amazon-inspector/actions/runs/8800085041
-          display_vulnerability_findings: true
+          display_vulnerability_findings: "enabled"
 
-          # Set vulnerability thresholds; if the number of vulns is
-          # equal to or greater than any of the specified thresholds, set
-          # the 'vulnerability_threshold_exceeded' output flag to 1.
+          # Set vulnerability thresholds; if the number of vulnerabilities is
+          # equal to or greater than any of the specified thresholds, this
+          # action will set the 'vulnerability_threshold_exceeded'
+          # output flag to 1.
           critical_threshold: 1
           high_threshold: 1
           medium_threshold: 1
@@ -69,8 +70,8 @@ jobs:
       - name: Display Inspector vulnerability scan results (CSV)
         run: cat ${{ steps.inspector.outputs.inspector_scan_results_csv }}
 
-#      - name: Display Inspector vulnerability scan results (Markdown)
-#        run: cat ${{ steps.inspector.outputs.inspector_scan_results_markdown }}
+      - name: Display Inspector vulnerability scan results (Markdown)
+        run: cat ${{ steps.inspector.outputs.inspector_scan_results_markdown }}
 
 
       # The following steps illustrate how to 
@@ -83,7 +84,7 @@ jobs:
             ${{ steps.inspector.outputs.inspector_scan_results }}
             ${{ steps.inspector.outputs.inspector_scan_results_csv }}
             ${{ steps.inspector.outputs.artifact_sbom }}
- #          ${{ steps.inspector.outputs.inspector_scan_results_markdown }}
+            ${{ steps.inspector.outputs.inspector_scan_results_markdown }}
 
 
         # This step illustrates how to add custom logic if

action.yml

@@ -105,13 +105,16 @@ outputs:
   inspector_scan_results_csv:
     description: "The filepath to the Inspector vulnerability scan in CSV format."
 
+  inspector_scan_results_markdown:
+    description: "The filepath to the Inspector vulnerability scan in markdown format."
+
   vulnerability_threshold_exceeded:
     description: "This variable is set to 1 if any vulnerability threshold was exceeded, otherwise it is 0."
 
 runs:
   using: 'docker'
   image: 'Dockerfile'
-  args: 
+  args:
     - --artifact-type=${{ inputs.artifact_type }}
     - --artifact-path=${{ inputs.artifact_path }}
     - --display-vuln-findings=${{ inputs.display_vulnerability_findings }}

entrypoint/entrypoint/orchestrator.py

@@ -335,11 +335,14 @@ def execute(args) -> int:
                                          others=others)
 
         if args.display_vuln_findings == "enabled":
-            logging.info("posting markdown to job summary")
+
+            logging.info("posting Inspector scan findings to GitHub Actions step summary page")
             converter.post_github_step_summary(markdown)
 
+        logging.info(f"writing markdown report to: {args.out_scan_markdown}")
         with open(args.out_scan_markdown, "w") as f:
             f.write(markdown)
+            set_github_actions_output('inspector_scan_results_markdown', args.out_scan_csv)
 
     is_exceeded = exceeds_threshold(criticals, args.critical,
                                     highs, args.high,