mirror of
https://github.com/sonatype/actions.git
synced 2026-03-25 05:33:16 +00:00
55 lines
1.7 KiB
YAML
55 lines
1.7 KiB
YAML
name: 'Sonatype GitHub Actions'
|
|
description: 'A set of actions to identify vulnerabilities in your workflows using Sonatype''s security solutions.'
|
|
|
|
author: 'Sonatype'
|
|
|
|
branding:
|
|
icon: 'shield'
|
|
color: 'purple'
|
|
|
|
# Define your inputs here.
|
|
inputs:
|
|
iq-server-url:
|
|
description: 'Lifecycle (IQ Server) URL (e.g. http://localhost:8070).'
|
|
required: true
|
|
username:
|
|
description: 'The username to authenticate with Lifecycle (IQ Server).'
|
|
required: true
|
|
password:
|
|
description: 'The password to authenticate with Lifecycle (IQ Server).'
|
|
required: true
|
|
application-id:
|
|
description:
|
|
'Lifecycle (IQ Server) application ID. When Automatic Applications is enabled and the application ID has not yet
|
|
been used, a new application will be created with the given ID.'
|
|
required: true
|
|
scan-targets:
|
|
description:
|
|
'Space-separated list of paths to specific files, directories, or docker images. Apache Ant-styled patterns are
|
|
allowed.'
|
|
required: true
|
|
|
|
# Define your outputs here.
|
|
outputs:
|
|
scan-id:
|
|
value: ${{ steps.evaluate.outputs.scan-id }}
|
|
description:
|
|
'Scan id result of the run operation. It can be used to access the Lifecycle report of related artifacts.'
|
|
report-url:
|
|
value: ${{ steps.evaluate.outputs.report-url }}
|
|
description: 'Link to navigate directly to the analysis report in Lifecycle (IQ Server).'
|
|
|
|
runs:
|
|
using: 'composite'
|
|
steps:
|
|
- name: Evaluate
|
|
id: evaluate
|
|
uses: sonatype/actions/evaluate@v1.9.3
|
|
with:
|
|
iq-server-url: ${{ inputs.iq-server-url }}
|
|
username: ${{ inputs.username }}
|
|
password: ${{ inputs.password }}
|
|
application-id: ${{ inputs.application-id }}
|
|
scan-targets: ${{ inputs.scan-targets }}
|
|
|