1 change: 1 addition & 0 deletions README.md
Expand Up @@ -129,6 +129,7 @@ The inputs `image`, `path`, and `sbom` are mutually exclusive to specify the sou
| `output-format` | Set the output parameter after successful action execution. Valid choices are `json`, `sarif`, and `table`, where `table` output will print to the console instead of generating a file. | `sarif` |
| `severity-cutoff` | Optionally specify the minimum vulnerability severity to trigger a failure. Valid choices are "negligible", "low", "medium", "high" and "critical". Any vulnerability with a severity less than this value will lead to a "warning" result. Default is "medium". | `medium` |
| `only-fixed` | Specify whether to only report vulnerabilities that have a fix available. | `false` |
| `add-cpes-if-none` | Specify whether to autogenerate missing CPEs. | `false` |

### Action Outputs

4 changes: 4 additions & 0 deletions action.yml
Expand Up @@ -29,6 +29,10 @@ inputs:
description: "Specify whether to only report vulnerabilities that have a fix available. Default is false."
required: false
default: "false"
add-cpes-if-none:
description: "Specify whether to autogenerate missing CPEs. Default is false."
required: false
default: "false"
outputs:
sarif:
description: "Path to a SARIF report file for the image"
9 changes: 8 additions & 1 deletion dist/index.js
Expand Up @@ -104,12 +104,14 @@ async function run() {
const outputFormat = core.getInput("output-format") || "sarif";
const severityCutoff = core.getInput("severity-cutoff") || "medium";
const onlyFixed = core.getInput("only-fixed") || "false";
const addCpesIfNone = core.getInput("add-cpes-if-none") || "false";
const out = await runScan({
source,
failBuild,
severityCutoff,
onlyFixed,
outputFormat,
addCpesIfNone,
});
Object.keys(out).map((key) => {
core.setOutput(key, out[key]);
Expand All @@ -119,7 +121,7 @@ async function run() {
}
}

async function runScan({ source, failBuild, severityCutoff, onlyFixed, outputFormat }) {
async function runScan({ source, failBuild, severityCutoff, onlyFixed, outputFormat, addCpesIfNone }) {
const out = {};

const env = {
Expand Down Expand Up @@ -150,6 +152,7 @@ async function runScan({ source, failBuild, severityCutoff, onlyFixed, outputFor

failBuild = failBuild.toLowerCase() === "true";
onlyFixed = onlyFixed.toLowerCase() === "true";
addCpesIfNone = addCpesIfNone.toLowerCase() === "true";

cmdArgs.push("-o", outputFormat);

Expand Down Expand Up @@ -183,6 +186,7 @@ async function runScan({ source, failBuild, severityCutoff, onlyFixed, outputFor
core.debug("Fail Build: " + failBuild);
core.debug("Severity Cutoff: " + severityCutoff);
core.debug("Only Fixed: " + onlyFixed);
core.debug("Add Missing CPEs: " + addCpesIfNone);
core.debug("Output Format: " + outputFormat);

core.debug("Creating options for GRYPE analyzer");
Expand All @@ -197,6 +201,9 @@ async function runScan({ source, failBuild, severityCutoff, onlyFixed, outputFor
if (onlyFixed === true) {
cmdArgs.push("--only-fixed");
}
if (addCpesIfNone === true) {
cmdArgs.push("--add-cpes-if-none");
}
cmdArgs.push(source);

// This /dev/null writable stream is required so the entire Grype output
9 changes: 8 additions & 1 deletion index.js
Expand Up @@ -90,12 +90,14 @@ async function run() {
const outputFormat = core.getInput("output-format") || "sarif";
const severityCutoff = core.getInput("severity-cutoff") || "medium";
const onlyFixed = core.getInput("only-fixed") || "false";
const addCpesIfNone = core.getInput("add-cpes-if-none") || "false";
const out = await runScan({
source,
failBuild,
severityCutoff,
onlyFixed,
outputFormat,
addCpesIfNone,
});
Object.keys(out).map((key) => {
core.setOutput(key, out[key]);
Expand All @@ -105,7 +107,7 @@ async function run() {
}
}

async function runScan({ source, failBuild, severityCutoff, onlyFixed, outputFormat }) {
async function runScan({ source, failBuild, severityCutoff, onlyFixed, outputFormat, addCpesIfNone }) {
const out = {};

const env = {
Expand Down Expand Up @@ -136,6 +138,7 @@ async function runScan({ source, failBuild, severityCutoff, onlyFixed, outputFor

failBuild = failBuild.toLowerCase() === "true";
onlyFixed = onlyFixed.toLowerCase() === "true";
addCpesIfNone = addCpesIfNone.toLowerCase() === "true";

cmdArgs.push("-o", outputFormat);

Expand Down Expand Up @@ -169,6 +172,7 @@ async function runScan({ source, failBuild, severityCutoff, onlyFixed, outputFor
core.debug("Fail Build: " + failBuild);
core.debug("Severity Cutoff: " + severityCutoff);
core.debug("Only Fixed: " + onlyFixed);
core.debug("Add Missing CPEs: " + addCpesIfNone);
core.debug("Output Format: " + outputFormat);

core.debug("Creating options for GRYPE analyzer");
Expand All @@ -183,6 +187,9 @@ async function runScan({ source, failBuild, severityCutoff, onlyFixed, outputFor
if (onlyFixed === true) {
cmdArgs.push("--only-fixed");
}
if (addCpesIfNone === true) {
cmdArgs.push("--add-cpes-if-none");
}
cmdArgs.push(source);

// This /dev/null writable stream is required so the entire Grype output
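Review bot: `addCpesIfNone` is added to the `runScan` destructured signature (second hunk) without a default, so any caller that does not pass it reaches `addCpesIfNone.toLowerCase()` in the third hunk with `undefined` and throws a TypeError; that is presumably why every existing test fixture in this commit had to gain an explicit `addCpesIfNone: "false"`. Give the new field a default that matches the fallback `run()` already applies, `async function runScan({ source, failBuild, severityCutoff, onlyFixed, outputFormat, addCpesIfNone = "false" }) {`, so direct callers of `runScan` stay backward compatible the same way the action input is optional. The identical signature appears in dist/index.js, which looks like a build artifact of this file and should pick the change up on regeneration. `runScan`'s body starts and ends outside these hunks.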
3 changes: 3 additions & 0 deletions tests/action_args.test.js
Expand Up @@ -12,6 +12,7 @@ describe("Github action args", () => {
"fail-build": "true",
"output-format": "json",
"severity-cutoff": "medium",
"add-cpes-if-none": "true",
};
const spyInput = jest.spyOn(core, "getInput").mockImplementation((name) => {
try {
Expand Down Expand Up @@ -47,6 +48,7 @@ describe("Github action args", () => {
"fail-build": "true",
"output-format": "sarif",
"severity-cutoff": "medium",
"add-cpes-if-none": "true",
};
const spyInput = jest.spyOn(core, "getInput").mockImplementation((name) => {
try {
Expand Down Expand Up @@ -81,6 +83,7 @@ describe("Github action args", () => {
"fail-build": "true",
"output-format": "table",
"severity-cutoff": "medium",
"add-cpes-if-none": "true",
};
const spyInput = jest.spyOn(core, "getInput").mockImplementation((name) => {
try {
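Review bot: All three fixtures now set `"add-cpes-if-none": "true"`, but none of these hunks shows an assertion on the resulting grype arguments, so whether `--add-cpes-if-none` actually reaches the command through `run()` cannot be confirmed from what is visible; the `it` bodies continue outside the hunks. If those bodies only verify which inputs `getInput` was asked for, consider one fixture that omits the key entirely so the `|| "false"` fallback in `run()` is exercised as well.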
15 changes: 15 additions & 0 deletions tests/grype_command.test.js
Expand Up @@ -32,6 +32,7 @@ describe("Grype command", () => {
severityCutoff: "high",
version: "0.6.0",
onlyFixed: "false",
addCpesIfNone: "false",
});
expect(cmd).toBe("grype -o sarif --fail-on high dir:.");
});
Expand All @@ -44,7 +45,21 @@ describe("Grype command", () => {
severityCutoff: "low",
version: "0.6.0",
onlyFixed: "false",
addCpesIfNone: "false",
});
expect(cmd).toBe("grype -o json --fail-on low asdf");
});

it("adds missing CPEs if requested", async () => {
let cmd = await mockExec({
source: "asdf",
failBuild: "false",
outputFormat: "json",
severityCutoff: "low",
version: "0.6.0",
onlyFixed: "false",
addCpesIfNone: "true",
});
expect(cmd).toBe("grype -o json --fail-on low --add-cpes-if-none asdf");
});
});
1 change: 1 addition & 0 deletions tests/sarif_output.test.js
Expand Up @@ -20,6 +20,7 @@ const testSource = async (source, vulnerabilities) => {
outputFormat: "sarif",
severityCutoff: "medium",
onlyFixed: "false",
addCpesIfNone: "false",
});

// expect to get sarif output