2.7 KiB
2.7 KiB
Wait for ECR Scan and get Sarif GitHub Action
Easily upload coverage reports to Codecov from GitHub Actions
Usage
To integrate with your Actions pipeline, specify the name of this repository with a branch or tag number (main is recommended) as a step within your workflow.yml file.
Inside your .github/workflows/workflow.yml file:
steps:
- uses: discoveryedu/github-actions-library/wait-for-ecr-scan-and-get-sarif@main
with:
repository_name: "docker/repo"
image_tag: "main"
aws_region: "us-east-2"
output_file: "report.sarif"
After you run this shared workflow you might want to upload the results to github. That looks like this:
steps:
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: report.sarif
category: security
Arguments
This Action supports inputs from the user. These inputs, along with their descriptions and usage contexts, are listed in the table below:
| Input | Description | Required |
|---|---|---|
repository_name |
ECR repository name | *Required |
image_tag |
Docker image tag | *Required |
aws_region |
Region, like us-east-1 | *Required |
output_file |
File location to place the Sarif output file. It is json, but it sometimes uses the .sarif extension |
*Required |
Example full workflow.yml using this Action
name: "Build container image"
on:
push:
branches:
- main
workflow_dispatch:
jobs:
ecr-scan:
runs-on: ubuntu-latest
steps:
# [Probably build and push image to ECR here]
- name: Run ECR Scan and Get SARIF Report
uses: sartography/github-actions-library/wait-for-ecr-scan-and-get-sarif@main
with:
repository_name: "infr/testcloud2202"
image_tag: "main"
aws_region: "us-east-2"
output_file: "report.sarif"
- name: Upload SARIF report as artifact
uses: actions/upload-artifact@v3
with:
name: sarif-report
path: report.sarif
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: report.sarif
category: security