-
Notifications
You must be signed in to change notification settings - Fork 89
Expand file tree
/
Copy pathaction.yml
More file actions
87 lines (85 loc) · 2.85 KB
/
Copy pathaction.yml
File metadata and controls
87 lines (85 loc) · 2.85 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
name: 'DockSec AI Scanner'
description: 'AI-powered Docker security scanner that explains vulnerabilities in plain English.'
author: 'Advait Patel'
branding:
icon: 'shield'
color: 'blue'
inputs:
dockerfile:
description: 'Path to the Dockerfile to analyze'
required: false
default: 'Dockerfile'
image:
description: 'Docker image name to scan'
required: false
compose:
description: 'Path to docker-compose file to scan'
required: false
output:
description: 'Deprecated alias for output_dir. The standalone -o/--output file flag no longer exists; this value is now used as the report output directory.'
required: false
output_dir:
description: 'Directory to write reports to (default: ~/.docksec/results in the container)'
required: false
severity:
description: 'Comma-separated severity levels for the image scan (default: CRITICAL,HIGH)'
required: false
fail_on:
description: 'Exit non-zero if any finding is at or above this severity (CRITICAL, HIGH, MEDIUM, or LOW)'
required: false
format:
description: 'Comma-separated report formats to write: json, csv, pdf, html (default: all)'
required: false
sarif:
description: 'Write a SARIF 2.1.0 report for GitHub Code Scanning'
required: false
default: 'false'
openai_api_key:
description: 'OpenAI API Key for AI analysis'
required: false
anthropic_api_key:
description: 'Anthropic API Key for AI analysis'
required: false
google_api_key:
description: 'Google API Key for AI analysis'
required: false
llm_provider:
description: 'LLM provider (openai, anthropic, google, ollama)'
required: false
default: 'openai'
llm_model:
description: 'Specific model name to use'
required: false
ai_only:
description: 'Run AI analysis only'
required: false
default: 'false'
scan_only:
description: 'Run security scanners only (no AI)'
required: false
default: 'false'
image_only:
description: 'Scan image without Dockerfile analysis'
required: false
default: 'false'
runs:
using: 'docker'
image: 'Dockerfile'
env:
INPUT_DOCKERFILE: ${{ inputs.dockerfile }}
INPUT_IMAGE: ${{ inputs.image }}
INPUT_COMPOSE: ${{ inputs.compose }}
INPUT_OUTPUT: ${{ inputs.output }}
INPUT_OUTPUT_DIR: ${{ inputs.output_dir }}
INPUT_SEVERITY: ${{ inputs.severity }}
INPUT_FAIL_ON: ${{ inputs.fail_on }}
INPUT_FORMAT: ${{ inputs.format }}
INPUT_SARIF: ${{ inputs.sarif }}
INPUT_OPENAI_API_KEY: ${{ inputs.openai_api_key }}
INPUT_ANTHROPIC_API_KEY: ${{ inputs.anthropic_api_key }}
INPUT_GOOGLE_API_KEY: ${{ inputs.google_api_key }}
INPUT_LLM_PROVIDER: ${{ inputs.llm_provider }}
INPUT_LLM_MODEL: ${{ inputs.llm_model }}
INPUT_AI_ONLY: ${{ inputs.ai_only }}
INPUT_SCAN_ONLY: ${{ inputs.scan_only }}
INPUT_IMAGE_ONLY: ${{ inputs.image_only }}