Add snapshot correlator action input
+4
-1
@@ -67,4 +67,7 @@ typings/
|
|||||||
.next
|
.next
|
||||||
|
|
||||||
# Output from scanning
|
# Output from scanning
|
||||||
output.json
|
output.json
|
||||||
|
|
||||||
|
# Component Detection binary downloaded by tests
|
||||||
|
component-detection
|
||||||
@@ -34,6 +34,7 @@ directoryExclusionList | Filters out specific directories following a minimatch
|
|||||||
detectorArgs | Comma separated list of properties that can affect the detectors execution, like EnableIfDefaultOff that allows a specific detector that is in beta to run, the format for this property is DetectorId=EnableIfDefaultOff, for example Pip=EnableIfDefaultOff. | `Pip=EnableIfDefaultOff`
|
detectorArgs | Comma separated list of properties that can affect the detectors execution, like EnableIfDefaultOff that allows a specific detector that is in beta to run, the format for this property is DetectorId=EnableIfDefaultOff, for example Pip=EnableIfDefaultOff. | `Pip=EnableIfDefaultOff`
|
||||||
dockerImagesToScan |Comma separated list of docker image names or hashes to execute container scanning on | ubuntu:16.04,56bab49eef2ef07505f6a1b0d5bd3a601dfc3c76ad4460f24c91d6fa298369ab |
|
dockerImagesToScan |Comma separated list of docker image names or hashes to execute container scanning on | ubuntu:16.04,56bab49eef2ef07505f6a1b0d5bd3a601dfc3c76ad4460f24c91d6fa298369ab |
|
||||||
detectorsFilter | A comma separated list with the identifiers of the specific detectors to be used. | `Pip, RustCrateDetector`
|
detectorsFilter | A comma separated list with the identifiers of the specific detectors to be used. | `Pip, RustCrateDetector`
|
||||||
|
correlator | An optional identifier to distinguish between multiple dependency snapshots of the same type. Defaults to the [job_id](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_id) of the current job | `csharp-backend`
|
||||||
|
|
||||||
For more information: https://github.com/microsoft/component-detection
|
For more information: https://github.com/microsoft/component-detection
|
||||||
|
|
||||||
|
|||||||
@@ -21,6 +21,10 @@ inputs:
|
|||||||
detectorsFilter:
|
detectorsFilter:
|
||||||
description: 'A comma separated list with the identifiers of the specific detectors to be used. This is meant to be used for testing purposes only.'
|
description: 'A comma separated list with the identifiers of the specific detectors to be used. This is meant to be used for testing purposes only.'
|
||||||
required: false
|
required: false
|
||||||
|
correlator:
|
||||||
|
description: 'An optional identifier to distinguish between multiple dependency snapshots of the same type.'
|
||||||
|
type: string
|
||||||
|
required: false
|
||||||
runs:
|
runs:
|
||||||
using: 'node16'
|
using: 'node16'
|
||||||
main: 'dist/index.js'
|
main: 'dist/index.js'
|
||||||
|
|||||||
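Review bot: `type: string` under the new `correlator` input is not a key that action metadata defines for inputs (only `description`, `required`, `default` and `deprecationMessage` are), so it is ignored at best and may be flagged by a metadata linter; I would drop that line. The description also omits the fallback that the README row states, so a user reading only the metadata cannot tell what value is used when the input is left empty. Consider `description: 'An optional identifier to distinguish between multiple dependency snapshots of the same type. Defaults to the job id of the current job.'`.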
@@ -10,7 +10,7 @@ test("Runs CLI", async () => {
|
|||||||
await ComponentDetection.downloadLatestRelease();
|
await ComponentDetection.downloadLatestRelease();
|
||||||
await ComponentDetection.runComponentDetection("./test");
|
await ComponentDetection.runComponentDetection("./test");
|
||||||
expect(fs.existsSync(ComponentDetection.outputPath));
|
expect(fs.existsSync(ComponentDetection.outputPath));
|
||||||
});
|
}, 6000);
|
||||||
|
|
||||||
test("Parses CLI output", async () => {
|
test("Parses CLI output", async () => {
|
||||||
await ComponentDetection.downloadLatestRelease();
|
await ComponentDetection.downloadLatestRelease();
|
||||||
|
|||||||
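Review bot: The 6000 ms timeout added to "Runs CLI" is only one second above the 5000 ms default (assuming this is Jest), while the test downloads a release and runs the CLI, so it will probably still fail intermittently on a slow network; a wider margin such as `}, 60000);` fits the workload better. "Parses CLI output" below performs the same download with no explicit timeout visible in the hunk, and its body continues outside it. The unchanged `expect(fs.existsSync(ComponentDetection.outputPath));` has no matcher and therefore asserts nothing; `expect(fs.existsSync(ComponentDetection.outputPath)).toBe(true);` would make the test actually check the output file.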
+3
-1
@@ -40403,14 +40403,16 @@ const github = __importStar(__nccwpck_require__(5438));
|
|||||||
const dependency_submission_toolkit_1 = __nccwpck_require__(3415);
|
const dependency_submission_toolkit_1 = __nccwpck_require__(3415);
|
||||||
const componentDetection_1 = __importDefault(__nccwpck_require__(4878));
|
const componentDetection_1 = __importDefault(__nccwpck_require__(4878));
|
||||||
function run() {
|
function run() {
|
||||||
|
var _a;
|
||||||
return __awaiter(this, void 0, void 0, function* () {
|
return __awaiter(this, void 0, void 0, function* () {
|
||||||
let manifests = yield componentDetection_1.default.scanAndGetManifests(core.getInput('filePath'));
|
let manifests = yield componentDetection_1.default.scanAndGetManifests(core.getInput('filePath'));
|
||||||
|
const correlatorInput = ((_a = core.getInput('correlator')) === null || _a === void 0 ? void 0 : _a.trim()) || github.context.job;
|
||||||
let snapshot = new dependency_submission_toolkit_1.Snapshot({
|
let snapshot = new dependency_submission_toolkit_1.Snapshot({
|
||||||
name: "Component Detection",
|
name: "Component Detection",
|
||||||
version: "0.0.1",
|
version: "0.0.1",
|
||||||
url: "https://github.com/advanced-security/component-detection-dependency-submission-action",
|
url: "https://github.com/advanced-security/component-detection-dependency-submission-action",
|
||||||
}, github.context, {
|
}, github.context, {
|
||||||
correlator: `${github.context.job}`,
|
correlator: correlatorInput,
|
||||||
id: github.context.runId.toString()
|
id: github.context.runId.toString()
|
||||||
});
|
});
|
||||||
core.debug(`Manifests: ${manifests === null || manifests === void 0 ? void 0 : manifests.length}`);
|
core.debug(`Manifests: ${manifests === null || manifests === void 0 ? void 0 : manifests.length}`);
|
||||||
|
|||||||
+1
-1
File diff suppressed because one or more lines are too long
@@ -14,6 +14,7 @@ import ComponentDetection from './componentDetection';
|
|||||||
|
|
||||||
async function run() {
|
async function run() {
|
||||||
let manifests = await ComponentDetection.scanAndGetManifests(core.getInput('filePath'));
|
let manifests = await ComponentDetection.scanAndGetManifests(core.getInput('filePath'));
|
||||||
|
const correlatorInput = core.getInput('correlator')?.trim() || github.context.job;
|
||||||
|
|
||||||
let snapshot = new Snapshot({
|
let snapshot = new Snapshot({
|
||||||
name: "Component Detection",
|
name: "Component Detection",
|
||||||
@@ -22,7 +23,7 @@ async function run() {
|
|||||||
},
|
},
|
||||||
github.context,
|
github.context,
|
||||||
{
|
{
|
||||||
correlator:`${github.context.job}`,
|
correlator: correlatorInput,
|
||||||
id: github.context.runId.toString()
|
id: github.context.runId.toString()
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|||||||
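Review bot: The new `correlatorInput` line in the first hunk accepts any free-form string and nothing records which value is finally submitted. As far as the dependency submission API documents it, only the latest snapshot per correlator and detector name is kept, so two jobs that are given the same correlator would have the later snapshot replace the earlier one and dependencies could silently drop out of the graph and out of alerting. I would log the effective value, ``core.info(`Snapshot correlator: ${correlatorInput}`);``, and add a comment above the line stating that the correlator must be unique per scanned target within a repository. `core.getInput` already returns a trimmed string (empty when unset), so `?.trim()` is redundant, though harmless. The body of `run()` starts and ends outside both hunks.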