update-readme -- add links to supported os, change verbiage around outputs, misc formatting updates (#44)

cjbaco · web-flow · commit bfa7cbecc6af · 2024-04-26T12:03:58.000-04:00
diff --git a/README.md b/README.md
@@ -10,21 +10,16 @@ An active AWS account is required to use this action.
 
 ## Overview
 
-This action works by first generating a CycloneDX software bill of materials (SBOM) for the provided artifact.
+This action works by first generating a CycloneDX software bill of materials (SBOM) for the provided artifact. The SBOM is then sent to Amazon Inspector and scanned for known vulnerabilities.
 
-The SBOM is then sent to Amazon Inspector. Inspector scans the provided SBOM for known vulnerabilities, and returns its
-results to the calling action.
-
-This action can scan the following artifact types for software vulnerabilities:
+This action can scan the following artifact types for vulnerabilities:
 
 1. Files and directories in your GitHub repository
 2. Container images
 3. Compiled Go and Rust binaries (*stripped and obfuscated binaries are not supported*)
 4. Archives *(.zip, .tar, .tar.gz)*
 
-To learn more about this action's supported artifacts, please see our documentation
-here: [Amazon Inspector SBOM Generator (inspector-sbomgen)](https://docs.aws.amazon.com/inspector/latest/user/sbom-generator.html)
-.
+For more information, please refer to Amazon Inspector's supported [artifacts](https://docs.aws.amazon.com/inspector/latest/user/sbom-generator.html) and [container operating systems](https://docs.aws.amazon.com/inspector/latest/user/supported.html#supported-os-ecr).
 
 ## Prerequisites
 
@@ -66,13 +61,13 @@ Perform the following steps to quickly add this action to your GitHub Actions pi
    jobs:
      daily_job:
        runs-on: ubuntu-latest
-       
+
        # change this to match your GitHub Secrets environment
        environment:
          name: your_github_secrets_environment
-   
+
        steps:
-   
+
          # modify this block based on how you authenticate to AWS
          # make sure you have permission to access the Inspector ScanSbom API
          # https://docs.aws.amazon.com/inspector/latest/user/configure-cicd-account.html#cicd-iam-role
@@ -81,30 +76,30 @@ Perform the following steps to quickly add this action to your GitHub Actions pi
            with:
              aws-region: "us-east-1"
              role-to-assume: "arn:aws:iam::<AWS_ACCOUNT_ID>:role/<IAM_ROLE_NAME>"
-   
+
          # Check out your repository if needed
          - name: Checkout this repository
            uses: actions/checkout@v4
-   
+
          # modify this block to scan your intended artifact
          - name: Inspector Scan
            id: inspector
            uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1
            with:
              # change artifact_type to either 'repository', 'container', 'binary', or 'archive'.
              artifact_type: 'repository'
-   
+
              # change artifact_path to the file path or container image you would like to scan.
              # File paths should be relative to your root project directory.
              # For containers, this action accepts 'docker pull'-style references to containers,
              # such as 'alpine:latest' or a file path to an image exported as TAR using docker save.
              artifact_path: './'
-   
+
              # If enabled, this setting will display Inspector's vulnerability scan findings
              # as a GitHub actions step summary. See here for an example step summary:
              # https://github.com/aws-actions/vulnerability-scan-github-action-for-amazon-inspector/actions/runs/8800085041
              display_vulnerability_findings: "enabled"
-   
+
              # Set vulnerability thresholds; if the number of vulnerabilities is
              # equal to or greater than any of the specified thresholds, this
              # action will set the 'vulnerability_threshold_exceeded'
@@ -114,27 +109,27 @@ Perform the following steps to quickly add this action to your GitHub Actions pi
              medium_threshold: 1
              low_threshold: 1
              other_threshold: 1
-   
+
              # Additional input arguments are available to control scan behavior.
              # See 'action.yml' for additional input/output options.
-   
-   
-         # The following steps illustrate how to 
+
+
+         # The following steps illustrate how to
          # display scan results in the GitHub Actions job terminal.
          - name: Display CycloneDX SBOM (JSON)
            run: cat ${{ steps.inspector.outputs.artifact_sbom }}
-   
+
          - name: Display Inspector vulnerability scan results (JSON)
            run: cat ${{ steps.inspector.outputs.inspector_scan_results }}
-   
+
          - name: Display Inspector vulnerability scan results (CSV)
            run: cat ${{ steps.inspector.outputs.inspector_scan_results_csv }}
-   
+
          - name: Display Inspector vulnerability scan results (Markdown)
            run: cat ${{ steps.inspector.outputs.inspector_scan_results_markdown }}
-   
-   
-         # The following steps illustrate how to 
+
+
+         # The following steps illustrate how to
          # upload scan results as a GitHub actions job artifact
          - name: Upload Scan Results
            uses: actions/upload-artifact@v4
@@ -145,8 +140,8 @@ Perform the following steps to quickly add this action to your GitHub Actions pi
                ${{ steps.inspector.outputs.inspector_scan_results_csv }}
                ${{ steps.inspector.outputs.artifact_sbom }}
                ${{ steps.inspector.outputs.inspector_scan_results_markdown }}
-   
-   
+
+
            # This step illustrates how to add custom logic if
            # the vulnerability threshold is exceeded. This example
            # simply prints the 'vulnerability_threshold_exceeded' value
@@ -165,16 +160,9 @@ For additional examples, see [this repository's workflow definitions](.github/wo
 
 ### Configuring Vulnerability Scan Outputs
 
-This action provides detailed Inspector scan findings in JSON, CSV, and markdown, as well as a CycloneDX software bill
-of
-materials in JSON.
-
-By default, this action will only display the number of vulnerabilities detected in the GitHub Actions job terminal.
-Detailed vulnerability findings are not shown by design.
-
-This is done so **you** can control how and where your vulnerability findings are presented and stored.
+By default, this action only displays the number of vulnerabilities detected in the GitHub Actions job terminal. Detailed findings are optional and configurable as JSON, CSV, or Markdown. In addition, an artifact inventory is available as a CycloneDX JSON file.
 
-The example below shows how to present this action's outputs in various locations and formats.
+The below example shows how to enable action outputs in various locations and formats.
 
 **Exercise caution to ensure you do not accidentally post vulnerability information to untrusted viewers.**
 
