diff --git a/action.yml b/action.yml index ce36389..99872b1 100644 --- a/action.yml +++ b/action.yml @@ -27,6 +27,15 @@ inputs: correlator: description: 'An optional identifier to distinguish between multiple dependency snapshots of the same type.' required: false + detector-name: + description: 'The name of the detector. If provided, detector-version and detector-url must also be provided.' + required: false + detector-version: + description: 'The version of the detector. If provided, detector-name and detector-url must also be provided.' + required: false + detector-url: + description: 'The URL of the detector. If provided, detector-name and detector-version must also be provided.' + required: false runs: using: 'node20' main: 'dist/index.js' diff --git a/index.ts b/index.ts index 48be11c..cc8f0e3 100644 --- a/index.ts +++ b/index.ts @@ -13,23 +13,49 @@ import { import ComponentDetection from './componentDetection'; async function run() { - let manifests = await ComponentDetection.scanAndGetManifests(core.getInput('filePath')); - const correlatorInput = core.getInput('correlator')?.trim() || github.context.job; - - let snapshot = new Snapshot({ - name: "Component Detection", - version: "0.0.1", - url: "https://github.com/advanced-security/component-detection-dependency-submission-action", - }, - github.context, - { + let manifests = await ComponentDetection.scanAndGetManifests( + core.getInput("filePath") + ); + const correlatorInput = + core.getInput("correlator")?.trim() || github.context.job; + + // Get detector configuration inputs + const detectorName = core.getInput("detector-name")?.trim(); + const detectorVersion = core.getInput("detector-version")?.trim(); + const detectorUrl = core.getInput("detector-url")?.trim(); + + // Validate that if any detector config is provided, all must be provided + const hasAnyDetectorInput = detectorName || detectorVersion || detectorUrl; + const hasAllDetectorInputs = detectorName && detectorVersion && detectorUrl; + + if (hasAnyDetectorInput && !hasAllDetectorInputs) { + core.setFailed( + "If any detector configuration is provided (detector-name, detector-version, detector-url), all three must be provided." + ); + return; + } + + // Use provided detector config or defaults + const detector = hasAllDetectorInputs + ? { + name: detectorName, + version: detectorVersion, + url: detectorUrl, + } + : { + name: "Component Detection", + version: "0.0.1", + url: "https://github.com/advanced-security/component-detection-dependency-submission-action", + }; + + let snapshot = new Snapshot(detector, github.context, { correlator: correlatorInput, - id: github.context.runId.toString() + id: github.context.runId.toString(), }); core.debug(`Manifests: ${manifests?.length}`); - manifests?.forEach(manifest => { + manifests?.forEach((manifest) => { core.debug(`Manifest: ${JSON.stringify(manifest)}`); snapshot.addManifest(manifest); });