quay-vulnerability-check
GitHub Action for reporting Docker image vulnerabilities on Quay registry
v0.12.0
Latest

Quay Vulnerability Check GitHub Action

This GitHub Action checks Docker images hosted on the Quay.io registry for vulnerabilities.

Usage

Inputs

  • organization (required): The organization name on Quay.io where the repository is located.
  • repository (required): The name of the repository on Quay.io to check for vulnerabilities.
  • image_tag (required): The tag of the Docker image in the specified repository to check for vulnerabilities.
  • quay_token (required): The Quay.io authentication token with necessary permissions to access the repository and perform vulnerability checks.
  • severities (optional): Comma-separated list of allowed severities. Example: 'High,Critical'. If not provided, all severities will be considered. Allowed values: Unknown, Low, Medium, High, Critical.
  • exit_code (optional): The exit code to be set if vulnerabilities are found. Allowed values: 0 (default) or 1.
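
How the severities filter and the exit_code input described above can combine into a pass/fail gate, as an added example that is not the action's own code. It assumes the scan result follows the shape of Quay's manifest security API response; the function names, the sample data and the placeholder CVE IDs are constructed for illustration.

```python
# Added illustration; not the action's source code.
ALLOWED = ("Unknown", "Low", "Medium", "High", "Critical")  # values listed under Inputs

def parse_severities(raw):
    """Turn the comma-separated `severities` input into a validated set."""
    if not raw or not raw.strip():
        return set(ALLOWED)  # not provided: all severities are considered
    wanted = {s.strip() for s in raw.split(",") if s.strip()}
    bad = wanted - set(ALLOWED)
    if bad:
        raise ValueError(f"unsupported severities: {sorted(bad)}")
    return wanted

def gate(scan, severities="", exit_code=0):
    """Return (findings, code) for one scan result.

    Assumed shape: status + data.Layer.Features[].Vulnerabilities[].
    """
    if scan.get("status") != "scanned":
        # Assumption of this example: an unfinished scan is not a clean scan.
        raise RuntimeError(f"scan not complete: {scan.get('status')!r}")
    wanted = parse_severities(severities)
    findings = []
    for feat in scan["data"]["Layer"].get("Features", []):
        for vuln in feat.get("Vulnerabilities", []):
            sev = vuln.get("Severity", "Unknown")
            if sev in wanted:
                findings.append((sev, vuln["Name"], feat["Name"]))
    rank = {s: i for i, s in enumerate(ALLOWED)}
    findings.sort(key=lambda f: rank[f[0]], reverse=True)  # worst first
    return findings, (exit_code if findings else 0)

# Constructed sample data (placeholder IDs, not real advisories).
SAMPLE = {"status": "scanned", "data": {"Layer": {"Features": [
    {"Name": "openssl", "Vulnerabilities": [
        {"Name": "CVE-0000-0001", "Severity": "Critical"},
        {"Name": "CVE-0000-0002", "Severity": "Low"}]},
    {"Name": "zlib", "Vulnerabilities": [
        {"Name": "CVE-0000-0003", "Severity": "High"}]},
    {"Name": "bash"},  # feature with no known vulnerabilities
]}}}

if __name__ == "__main__":
    found, code = gate(SAMPLE, "High, Critical", exit_code=1)
    for sev, cve, pkg in found:
        print(f"{sev:8} {cve} in {pkg}")
    print("exit code:", code)
```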

Example Workflow

name: Quay Vulnerability Check

on:
  workflow_dispatch:
    inputs:
      organization:
        description: 'Quay organization'
        required: true
      repository:
        description: 'Quay repository'
        required: true
      image_tag:
        description: 'Docker image tag'
        required: true

jobs:
  check-vulnerabilities:
    runs-on: ubuntu-latest

    steps:
    - name: Checkout Repository
      uses: actions/checkout@v4

    - name: Run Quay Vulnerability Check
      uses: atilsensalduz/quay-image-vulnerability-check-action@v0.9.0
      with:
        organization: ${{ inputs.organization }}
        repository: ${{ inputs.repository }}
        image_tag: ${{ inputs.image_tag }}
        quay_token: ${{ secrets.QUAY_TOKEN }}
        severities: "High, Critical"
        exit_code: "1"

    # Publish the report even when the check step fails the job
    - name: Generate Report on Action Summary
      if: always()
      run: |
        cat vulnerabilities_report.md >> "$GITHUB_STEP_SUMMARY"

quay-vulnerability-check is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.