feat: Add support for --ignore-unfixed flag (#10)

Resolves: #9
aquasecurity · Jun 22, 2020 · f498173 · f498173
1 parent c88ebc5
commit f498173
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 7 deletions.
diff --git a/README.md b/README.md
@@ -41,11 +41,12 @@ jobs:
         run: |
           docker build -t docker.io/my-organization/my-app:${{ github.sha }} .
       - name: Run vulnerability scanner
-        uses: aquasecurity/[email protected].6
+        uses: aquasecurity/[email protected].7
         with:
           image-ref: 'docker.io/my-organization/my-app:${{ github.sha }}'
           format: 'table'
           exit-code: '1'
+          ignore-unfixed: true
           severity: 'CRITICAL,HIGH'
 ```
 
@@ -55,12 +56,13 @@ jobs:
 
 Following inputs can be used as `step.with` keys:
 
-| Name        | Type   | Default                            | Description                                   |
-|-------------|--------|------------------------------------|-----------------------------------------------|
-| `image-ref` | String |                                    | Image reference, e.g. `alpine:3.10.2`         |
-| `format`    | String | `table`                            | Output format (`table`, `json`)               |
-| `exit-code` | String | `0`                                | Exit code when vulnerabilities were found     |
-| `severity`  | String | `UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL` | Severities of vulnerabilities to be displayed |
+| Name             | Type    | Default                            | Description                                   |
+|------------------|---------|------------------------------------|-----------------------------------------------|
+| `image-ref`      | String  |                                    | Image reference, e.g. `alpine:3.10.2`         |
+| `format`         | String  | `table`                            | Output format (`table`, `json`)               |
+| `exit-code`      | String  | `0`                                | Exit code when vulnerabilities were found     |
+| `ignore-unfixed` | Boolean | false                              | Ignore unpatched/unfixed vulnerabilities      |
+| `severity`       | String  | `UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL` | Severities of vulnerabilities to be displayed |
 
 [release]: https://github.com/aquasecurity/trivy-action/releases/latest
 [release-img]: https://img.shields.io/github/release/aquasecurity/trivy-action.svg?logo=github

diff --git a/action.yaml b/action.yaml
@@ -9,6 +9,10 @@ inputs:
     description: 'exit code when vulnerabilities were found'
     required: false
     default: '0'
+  ignore-unfixed:
+    description: 'ignore unfixed vulnerabilities'
+    required: false
+    default: false
   severity:
     description: 'severities of vulnerabilities to be displayed'
     required: false
@@ -24,5 +28,6 @@ runs:
     - 'image'
     - '--format=${{ inputs.format }}'
     - '--exit-code=${{ inputs.exit-code }}'
+    - '--ignore-unfixed=${{ inputs.ignore-unfixed }}'
     - '--severity=${{ inputs.severity }}'
     - '${{ inputs.image-ref }}'