Releases: aws-actions/vulnerability-scan-github-action-for-amazon-inspector

v1.2.0

26 Nov 18:41
8c2d4d7

This release adds support for scanning multi-arch container images.

To use this feature, specify the OS and CPU platform matching the image you wish to scan by adding the platform argument to your workflows, as shown below:

      - name: Scan built image with Inspector
        uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1
        id: inspector
        with:
          artifact_type: 'container'
          artifact_path: 'alpine:latest'
          ...
          platform: "linux/arm64/v8"
          sbomgen_version: "latest"

If platform is unspecified, this action will default to the OS/CPU platform that matches the GitHub Actions runner.

⚠️ This workflow requires inspector-sbomgen versions greater than or equal to 1.5.2.

v1.1.5

26 Nov 18:58
8c2d4d7

Improved handling of Inspector reports (CSV, JSON, Markdown) when no vulnerabilities were found.

v1.1.4

06 Sep 15:36
d771038
  • This release fixes an issue that caused the example workflow to fail when no vulnerabilities were detected (see issue 85 and PR #86).
  • Minor improvements to the Dockerfile markdown report (#92, #93, #94).

v1.1.3

30 Jul 14:21
a3574ba

This patch release improves parsing and rendering of the Inspector vulnerability summary report (#72, #75, #77, #78):

  • Added a new column, Source, which denotes the vendor that provided the vulnerability severity, such as NVD, MITRE, or Amazon Inspector.
  • Resolved an issue that caused the vulnerability severity to be empty when the severity was provided by a source other than NVD.

v1.1.2

27 Jun 20:03
016a421

Resolves an issue that prevented the action from executing on aarch64 systems. #62

v1.1.1

17 Jun 15:31

The vulnerability step summary is now displayed when zero vulnerabilities are present. #60

v1.1.0

04 Jun 17:35
ecf6e39

This release adds support for a new vulnerability finding type: Dockerfile security configuration issues.

This action will scan standalone Dockerfiles in your project, archive, or container image for vulnerabilities.

Additionally, this action will scan an image's build history for security issues.

Release version 1.0.0

29 Apr 15:45
f7ebfdd

Vulnerability Scan GitHub Action for Amazon Inspector

Amazon Inspector is a vulnerability management service that scans AWS workloads
and CycloneDX SBOMs for known software vulnerabilities.

This GitHub Action allows you to scan supported artifacts for software vulnerabilities using Amazon Inspector from your
GitHub Actions workflows.

An active AWS account is required to use this action.