generated from actions/typescript-action
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathaction.yml
67 lines (63 loc) · 2.01 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
name: SafeDep
description:
Protect against vulnerable and malicious Open Source Software (OSS)
dependencies using policy as code based guardrails.
author: 'SafeDep'
branding:
icon: 'shield'
color: 'green'
inputs:
policy:
description: Path to policy file, default policy will be used when not given
required: false
cloud:
description: Synchronize configuration, policy and report with SafeDep cloud
required: false
default: false
cloud-key:
description: API key to use for synchronizing report with SafeDep cloud
required: false
cloud-tenant:
description: Tenant ID to use for synchronizing report with SafeDep cloud
required: false
version:
description:
vet version to use for the scan. Defaults to using latest release
required: false
exception-file:
description: Path to exception file
required: false
trusted-registries:
description: Comma separated list of trusted registry base URLs
required: false
timeout:
description: |
Timeout in seconds for vet to wait for external service results to be
available. For malicious package analysis, this set the maximum time
to wait for the analysis results to be available.
required: false
default: 300
upload-sarif:
description: |
Upload SARIF report as an artifact associated with the workflow run.
This is used only during full scan on push or schedule.
default: true
required: false
add-step-summary:
description: |
Add a summary of the vet scan as a step in the workflow run.
This is used only during full scan on push or schedule.
default: true
required: false
enable-comments-proxy:
description: |
Enable Comments Proxy Server to create comments on GitHub PRs.
This is required when the action is invoked in a PR from a forked repository.
default: false
required: false
outputs:
report:
description: Path to SARIF report for uploading to Github Security tab
runs:
using: node20
main: dist/index.js