sartography
/
github-actions-library
mirror of https://github.com/sartography/github-actions-library.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
github-actions-library/wait-for-ecr-scan-and-get-s...
History
jasquat 91c11c5c46
added REAMDE for ecr sarif action w/ burnettk 		2024-08-16 12:39:05 -04:00
..
bin updated tests for new short description w/ burnettk 2024-08-16 12:07:21 -04:00
pylib updated tool name and info uri w/ burnettk 2024-08-16 12:13:54 -04:00
tests updated tests for new short description w/ burnettk 2024-08-16 12:07:21 -04:00
README.md added REAMDE for ecr sarif action w/ burnettk 2024-08-16 12:39:05 -04:00
action.yml fix script 2024-08-15 18:30:46 -04:00
requirements.txt added wrapper script and a little cleanup w/ burnettk 2024-08-15 17:06:19 -04:00
sarif-schema-2.1.0.json updated json sarif schema w/ burnettk 2024-08-15 14:59:47 -04:00
test_aws_scan_findings_to_sarif.py added wrapper script and a little cleanup w/ burnettk 2024-08-15 17:06:19 -04:00
wait_for_ecr_scan_and_get_sarif.py more code to wait for image scan to complete w/ burnettk 2024-08-15 17:31:06 -04:00

README.md

Wait for ECR Scan and get Sarif GitHub Action

Easily upload coverage reports to Codecov from GitHub Actions

Usage

To integrate with your Actions pipeline, specify the name of this repository with a branch or tag number (main is recommended) as a step within your workflow.yml file.

Inside your .github/workflows/workflow.yml file:

steps:
  - uses: discoveryedu/github-actions-library/wait-for-ecr-scan-and-get-sarif@main
    with:
      repository_name: "docker/repo"
      image_tag: "main"
      aws_region: "us-east-2"
      output_file: "report.sarif"

After you run this shared workflow you might want to upload the results to github. That looks like this:

steps:
  - name: Upload SARIF file
    uses: github/codeql-action/upload-sarif@v3
    with:
      sarif_file: report.sarif
      category: security

Arguments

This Action supports inputs from the user. These inputs, along with their descriptions and usage contexts, are listed in the table below:

Input Description Required
repository_name ECR repository name *Required
image_tag Docker image tag *Required
aws_region Region, like us-east-1 *Required
output_file File location to place the Sarif output file. It is json, but it sometimes uses the .sarif extension *Required

Example full workflow.yml using this Action

name: "Build container image"
on:
  push:
    branches:
      - main
  workflow_dispatch:
jobs:
  ecr-scan:
    runs-on: ubuntu-latest

    steps:
      # [Probably build and push image to ECR here]

      - name: Run ECR Scan and Get SARIF Report
        uses: sartography/github-actions-library/wait-for-ecr-scan-and-get-sarif@main
        with:
          repository_name: "infr/testcloud2202"
          image_tag: "main"
          aws_region: "us-east-2"
          output_file: "report.sarif"

      - name: Upload SARIF report as artifact
        uses: actions/upload-artifact@v3
        with:
          name: sarif-report
          path: report.sarif

      - name: Upload SARIF file
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: report.sarif
          category: security