added README for ecr sarif action w/ burnettk

jasquat 2024-08-16 12:39:05 -04:00
parent 28dc046430
commit 91c11c5c46
2 changed files with 83 additions and 0 deletions


@ -1,3 +1,7 @@
# github-actions-library # github-actions-library
Each directory is a github actions library that can be used in your github actions workflow. Each directory is a github actions library that can be used in your github actions workflow.
## Library list
[wait-for-ecr-scan-and-get-sarif](./wait-for-ecr-scan-and-get-sarif/README.md)
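Review bot: style point on the intro line and the new list entry: "github actions" should be written "GitHub Actions", and the `## Library list` entry would be more useful as an index if it carried a one-line description of what `wait-for-ecr-scan-and-get-sarif` does (wait for the ECR image scan to finish and write the findings as SARIF) so readers do not have to open each sub-README.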


@ -0,0 +1,79 @@
# Wait for ECR Scan and get Sarif GitHub Action
### Easily upload coverage reports to Codecov from GitHub Actions
## Usage
To integrate with your Actions pipeline, specify the name of this repository with a branch or tag number (`main` is recommended) as a `step` within your `workflow.yml` file.
Inside your `.github/workflows/workflow.yml` file:
```yaml
steps:
- uses: discoveryedu/github-actions-library/wait-for-ecr-scan-and-get-sarif@main
with:
repository_name: "docker/repo"
image_tag: "main"
aws_region: "us-east-2"
output_file: "report.sarif"
```
After you run this shared workflow you might want to upload the results to github.
That looks like this:
```yaml
steps:
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: report.sarif
category: security
```
## Arguments
This Action supports inputs from the user. These inputs, along with their descriptions and usage contexts, are listed in the table below:
| Input | Description | Required |
| :---------------- | :----------------------------------------------------------------------------------------------------- | :--------: |
| `repository_name` | ECR repository name | \*Required |
| `image_tag` | Docker image tag | \*Required |
| `aws_region` | Region, like us-east-1 | \*Required |
| `output_file` | File location to place the Sarif output file. It is json, but it sometimes uses the `.sarif` extension | \*Required |
### Example full `workflow.yml` using this Action
```yaml
name: "Build container image"
on:
push:
branches:
- main
workflow_dispatch:
jobs:
ecr-scan:
runs-on: ubuntu-latest
steps:
# [Probably build and push image to ECR here]
- name: Run ECR Scan and Get SARIF Report
uses: sartography/github-actions-library/wait-for-ecr-scan-and-get-sarif@main
with:
repository_name: "infr/testcloud2202"
image_tag: "main"
aws_region: "us-east-2"
output_file: "report.sarif"
- name: Upload SARIF report as artifact
uses: actions/upload-artifact@v3
with:
name: sarif-report
path: report.sarif
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: report.sarif
category: security
```
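Review bot: the two usage snippets point at different organisations, `discoveryedu/github-actions-library/wait-for-ecr-scan-and-get-sarif@main` in the first example and `sartography/github-actions-library/wait-for-ecr-scan-and-get-sarif@main` in the full workflow; only one can be the real source of this action, so the stale one should be corrected. The `### Easily upload coverage reports to Codecov from GitHub Actions` subtitle reads like a leftover from a template and does not describe this action. On documentation, the README never states how the action obtains AWS credentials to query ECR (for example a preceding credential-configuration step in the same job) or that the `github/codeql-action/upload-sarif` step requires the `security-events: write` permission on the job; both belong in the Usage section, since the full `workflow.yml` example has no `permissions` block and will not work as shown. Lastly, recommending `@main` means every consumer runs whatever is currently on that branch; suggest documenting a pinned tag or commit SHA as the default and reserving `@main` for trying the latest changes.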