WIP: feat: add in use flag

action.yml

@@ -83,6 +83,11 @@ inputs:
     description: 'Path to the IaC files to scan.'
     required: false
     default: "./"
+  in-use-file-path:
+    description: 'Path to the in-use file.'
+    required: false
+    default: "./in_use.txt"
+
 outputs:
   scanReport:
     description: Path to a JSON file containing the report results, failed evaluation gates, and found vulnerabilities.

src/action.ts

@@ -27,6 +27,7 @@ interface ActionInputParameters {
   recursive: boolean;
   minimumSeverity: string;
   iacScanPath: string;
+  inUseFilePath: string;
 }
 
 export class ActionInputs {
@@ -77,6 +78,7 @@ export class ActionInputs {
       recursive: core.getInput('recursive') == 'true',
       minimumSeverity: core.getInput('minimum-severity'),
       iacScanPath: core.getInput('iac-scan-path') || './',
+      inUseFilePath: core.getInput('in-use-file-path') || './in-use.txt',
     };
 
     const overridenParams = {
@@ -128,6 +130,10 @@ export class ActionInputs {
     return this.params.overridePullString
   }
 
+  get inUseFilePath() {
+    return this.params.inUseFilePath
+  }
+
   private static validateInputs(params: ActionInputParameters) {
     if (!params.standalone && !params.sysdigSecureToken) {
       core.setFailed("Sysdig Secure Token is required for standard execution, please set your token or remove the standalone input.");
@@ -196,6 +202,10 @@ export class ActionInputs {
       flags += ` ${this.params.extraParameters}`;
     }
 
+    if (this.params.inUseFilePath) {
+      flags += ` --in-use-packages-file=${this.params.inUseFilePath}`;
+    }
+
     if (this.params.mode == ScanMode.iac) {
       flags += ` --iac`;
 

src/report.ts

@@ -65,6 +65,7 @@ export interface Package {
   path: string
   layerDigest?: string
   suggestedFix?: string
+  running?: boolean
   vulns?: Vuln[]
 }
 

src/summary.ts

@@ -90,6 +90,7 @@ function addVulnsByLayerTableToSummary(data: Report) {
         { data: '🟠 Medium', header: true },
         { data: '🟡 Low', header: true },
         { data: '⚪ Negligible', header: true },
+        { data: 'In use', header: true },
         { data: 'Exploit', header: true },
       ],
       ...orderedPackagesBySeverity.map(layerPackage => {
@@ -109,6 +110,7 @@ function addVulnsByLayerTableToSummary(data: Report) {
           { data: mediumVulns.toString() },
           { data: lowVulns.toString() },
           { data: negligibleVulns.toString() },
+          { data: layerPackage.running ? '✅' : '❌' },
           { data: exploits.toString() },
         ]
       })
@@ -154,6 +156,7 @@ function getRulePkgMessage(rule: Rule, packages: Package[]) {
     { data: 'CVSS Version', header: true },
     { data: 'CVSS Vector', header: true },
     { data: 'Fixed Version', header: true },
+    { data: 'InUse', header: true },
     { data: 'Exploitable', header: true }]];
 
   rule.failures?.forEach(failure => {
@@ -171,6 +174,7 @@ function getRulePkgMessage(rule: Rule, packages: Package[]) {
         { data: `${vuln.cvssScore.value.version}` },
         { data: `${vuln.cvssScore.value.vector}` },
         { data: `${pkg.suggestedFix || "No fix available"}` },
+        { data: `${pkg.running}` },
         { data: `${vuln.exploitable}` },
       ]);
     }