Commit 4e74c04

bluesentinelsec, CarolMebiom, Maria Carolina Conceição and Michael Long authored
v1.3.0 (#123)
* Feature request 91 (#115)
* FR-91: Add cli arg only fixable vulnerability; use the variable in get_vuln_counts
* Revert "FR-91: Add cli arg only fixable vulnerability; use the variable in get_vuln_counts" This reverts commit bc532d4.
* FR-91: Add cli arg only fixable vulnerability; use the variable in get_vuln_counts
* FR-91: Fix unit tests
* FR-91: Fix typo in unit tests
* Revert "FR-91: Fix typo in unit tests" This reverts commit e645542.
* Revert "FR-91: Fix unit tests" This reverts commit f9157c9.
* Revert "FR-91: Add cli arg only fixable vulnerability; use the variable in get_vuln_counts" This reverts commit 812c685.
* FR-91: Change orchestrator to only find fixed vulnerabilities if flag show-only-fixed-vulnerabilities is present
* FR-91: Fixed missing variable
* FR-91: Fixed typo
* FR-91: Fixed typo
* FR-91: Another fix
* FR-91: Another fix
* FR-91: Another fix
* FR-91: Another fix
* FR-91: Another fix
* FR-91: Another fix
* FR-91: Another fix
* Add unit test for get_vuln_count
* Fix unit test for get_vuln_count
---------
Co-authored-by: Maria Carolina Conceição <carolina.bento@floy.com>
* Clarify license of inspector-sbomgen dependency (#121)
Co-authored-by: Michael Long <mlongii@amazon.com>
* [v1.3.0] Only trigger vuln threshold on fixable vulns (#122)
* Add --threshold-fixable-only to CLI
* implemented business logic
* changed 'threshold_fixable_only' from str to bool
* Added more test coverage and CLI refinements
* debugging failing unit test
* test threshold-fixable-only in workflow
* test threshold-fixable-only in workflow
* debugging CI/CD
* debugging CI/CD
* debugging
* debugging
* debugging
* debugging
* debugging
* removed debug log showing CLI arguments
* add missing argument, fixed_vuln_counts
* simplify get_fixed_vuln_counts() return values
* refactor return types in get_scan_result()
* refactor
* refine get_fixed_vuln_counts()
* update test_get_fixed_vuln_counts()
* testing case sensitivity
* revert 'TRUE' to 'true'
* use debug log when vuln doesn't have rating
* integrate --show-only-fixable-vulns (part 1)
* integrate only show fixable vulns
* test example workflows
* fix CLI input arguments
* remove leading '-' character for conditional inclusion
* add a no-op CLI arg (workaround)
* enable new arguments in workflows
* fix failing test
* update workflows for prod
---------
Co-authored-by: Michael Long <mlongii@amazon.com>
* set workflows to v1.3.0 for burn-in
---------
Co-authored-by: CarolMebiom <59604360+CarolMebiom@users.noreply.github.com>
Co-authored-by: Maria Carolina Conceição <carolina.bento@floy.com>
Co-authored-by: Michael Long <mlongii@amazon.com>
1 parent 5dc8a4b commit 4e74c04

18 files changed: +269 -43 lines changed

.github/workflows/build_scan_container.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -47,7 +47,7 @@ jobs:
4747
role-to-assume: ${{ secrets.AWS_IAM_ROLE }}
4848

4949
- name: Scan built image with Inspector
50-
uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1
50+
uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1.3.0
5151
id: inspector
5252
with:
5353
artifact_type: 'container'
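
Review bot: on the changed `uses:` line, `@v1.3.0` is still a tag, and a tag can be moved to a different commit after this workflow has been reviewed. The step runs after the one that sets `role-to-assume: ${{ secrets.AWS_IAM_ROLE }}`, so whatever the tag resolves to executes with those AWS credentials available. Pin the action to the full commit SHA of the v1.3.0 release and keep the version as a trailing comment, in the form `uses: ...@<full-commit-sha> # v1.3.0`.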

.github/workflows/example_display_findings.yml

Lines changed: 1 addition & 1 deletion
@@ -29,7 +29,7 @@ jobs:
2929
# modify this block to scan your intended artifact
3030
- name: Inspector Scan
3131
id: inspector
32-
uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1
32+
uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1.3.0
3333
with:
3434
# change artifact_type to either 'repository', 'container', 'binary', or 'archive'.
3535
# this example scans a container image
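
Review bot: the changed `uses:` line in this example pins an exact release, while the commit message describes the pin as being "for burn-in". Example workflows get copied verbatim, so add a comment above the line saying which reference users should choose (`@v1`, `@v1.3.0`, or a commit SHA) and whether this pin is temporary; otherwise copies of this file stay on v1.3.0 and miss later fixes.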

.github/workflows/example_vulnerability_threshold_exceeded.yml

Lines changed: 1 addition & 1 deletion
@@ -48,7 +48,7 @@ jobs:
4848

4949
# Inspector scan
5050
- name: Scan container with Inspector
51-
uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1
51+
uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1.3.0
5252
id: inspector
5353
with:
5454
artifact_type: 'container' # configure Inspector for scanning a container
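
Review bot: this threshold example changes only the version on the `uses:` line, but the commit message says this release adds --threshold-fixable-only, which changes which findings count toward the threshold. Add a comment in the `with:` block stating whether the example counts all vulnerabilities or only fixable ones, so readers who upgrade know which behaviour the example demonstrates.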

.github/workflows/test_archive.yml

Lines changed: 1 addition & 1 deletion
@@ -32,7 +32,7 @@ jobs:
3232

3333
- name: Test archive scan
3434
id: inspector
35-
uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1
35+
uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1.3.0
3636
with:
3737
artifact_type: 'archive'
3838
artifact_path: 'entrypoint/tests/test_data/artifacts/archives/testData.zip'
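
Review bot: the `uses:` line in this test references a published tag, so the test exercises whatever v1.3.0 points to and not the code in the commit being tested. If this repository is the action itself, the tag may not exist yet, or may point elsewhere, when this commit's CI runs. A local reference (`uses: ./` after checkout) would test the commit under review, with the tagged reference kept for a separate post-release smoke test.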

.github/workflows/test_binary.yml

Lines changed: 1 addition & 1 deletion
@@ -32,7 +32,7 @@ jobs:
3232

3333
- name: Test binary scan
3434
id: inspector
35-
uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1
35+
uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1.3.0
3636
with:
3737
artifact_type: 'binary'
3838
artifact_path: 'entrypoint/tests/test_data/artifacts/binaries/inspector-sbomgen'
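
Review bot: the version string on the `uses:` line is edited by hand here and in the other workflow hunks of this commit, which makes it easy to miss a file on the next release. `uses:` does not accept expressions, so the value cannot be shared through a variable. Have a dependency-update tool or a release script rewrite the references, and add a CI check that all workflows reference the same version.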

.github/workflows/test_containers.yml

Lines changed: 1 addition & 1 deletion
@@ -32,7 +32,7 @@ jobs:
3232

3333
- name: Test container scan
3434
id: inspector
35-
uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1
35+
uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1.3.0
3636
with:
3737
artifact_type: 'container'
3838
artifact_path: 'ubuntu:14.04'

.github/workflows/test_dockerfile_vulns.yml

Lines changed: 1 addition & 1 deletion
@@ -31,7 +31,7 @@ jobs:
3131

3232
- name: Scan Dockerfiles
3333
id: inspector
34-
uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1
34+
uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1.3.0
3535
with:
3636
artifact_type: 'repository'
3737
artifact_path: './'

.github/workflows/test_installation.yml

Lines changed: 1 addition & 1 deletion
@@ -28,7 +28,7 @@ jobs:
2828
role-to-assume: ${{ secrets.AWS_IAM_ROLE }}
2929

3030
- name: Test Amazon Inspector GitHub Actions plugin
31-
uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1
31+
uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1.3.0
3232
with:
3333
artifact_type: 'container'
3434
artifact_path: 'alpine:latest'

.github/workflows/test_no_vulns.yml

Lines changed: 1 addition & 1 deletion
@@ -28,7 +28,7 @@ jobs:
2828

2929
- name: Test binary scan
3030
id: inspector
31-
uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1
31+
uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1.3.0
3232
with:
3333
artifact_type: 'binary'
3434
artifact_path: 'entrypoint/tests/test_data/artifacts/binaries/test_go_binary'
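
Review bot: the step name `Test binary scan` in the context lines of this hunk is identical to the step name in test_binary.yml, although this file is test_no_vulns.yml and scans `test_go_binary`. Rename it, for example to `Test binary scan (no vulnerabilities)`, so the two jobs are distinguishable in run logs.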

.github/workflows/test_reports_no_vulns.yml

Lines changed: 1 addition & 1 deletion
@@ -26,7 +26,7 @@ jobs:
2626

2727
- name: Test container scan
2828
id: inspector
29-
uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1
29+
uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1.3.0
3030
with:
3131
artifact_type: 'container'
3232
artifact_path: 'alpine:latest'
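
Review bot: `artifact_path: 'alpine:latest'` in the context lines makes this test depend on whatever image `latest` resolves to on the day it runs. If the workflow expects a clean report, as the file name test_reports_no_vulns.yml suggests, a newly published CVE will fail it without any change in this repository. Pin the image by digest and update the digest deliberately.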
