action.yml

name: 'docker-scan'
description: 'Scan a docker image'
author: 'Conventional Actions'
inputs:
  scan-version:
    required: false
    description: 'version of docker scan to use'
    default: latest
    deprecationMessage: 'no longer available'
  token:
    required: false
    description: 'use the authentication token to log into the third-party scanning provider'
    deprecationMessage: 'no longer available'
  exclude-base:
    required: false
    description: 'exclude the base image during scanning'
    default: 'false'
    deprecationMessage: 'no longer available'
  tag:
    required: false
    description: 'tag of image to scan'
    deprecationMessage: 'no longer available'
  image:
    required: true
    description: 'image to scan'
  file:
    required: false
    description: 'specify the location of the Dockerfile associated with the image. This option displays a detailed scan result'
    default: Dockerfile
  severity:
    required: false
    description: 'only report vulnerabilities of provided level or higher (low, medium, high, critical)'
    default: 'medium'
  args:
    required: false
    description: 'Additional arguments to pass to Snyk'
  fail-on:
    required: false
    default: all
    description: 'Fail only when there are vulnerabilities that can be fixed.'
runs:
  using: "docker"
  image: "docker://snyk/snyk:docker"
  env:
    SNYK_INTEGRATION_NAME: GITHUB_ACTIONS
    SNYK_INTEGRATION_VERSION: docker
  args:
    - snyk
    - container
    - test
    - --sarif
    - --severity-threshold=${{ inputs.severity }}
    - --fail-on=${{ inputs.fail-on }}
    - --file=${{ inputs.file }}
    - ${{ inputs.args }}
    - ${{ inputs.image }}
branding:
  icon: alert-triangle
  color: purple