mirror of https://github.com/ivuorinen/actions.git synced 2026-03-20 20:01:07 +00:00

Files

Ismo Vuorinen c435155a95 fix(deps): update action pins and fix trivy-action version comment

Update SHA-pinned action references to latest versions:
- github/codeql-action v4.32.6 → v4.33.0
- nick-fields/retry v3.0.2 → v4.0.0
- actions/cache v5.0.3 → v5.0.4
- oven-sh/setup-bun v2.1.3 → v2.2.0
- softprops/action-gh-release v2.5.0 → v2.6.1
- github/issue-metrics v4.1.0 → v4.1.1
- shivammathur/setup-php 2.36.0 → 2.37.0
- astral-sh/setup-uv v7.5.0 → v7.6.0
- terraform-linters/setup-tflint v6.2.1 → v6.2.2
- aquasecurity/trivy-action: pin from master to v0.35.0

Fix pinact warning in docker-build by adding missing v prefix
to trivy-action version comment (0.35.0 → v0.35.0).

2026-03-20 12:49:50 +02:00

action.yml

fix(deps): update action pins and fix trivy-action version comment

2026-03-20 12:49:50 +02:00

README.md

feat: use our own actions in our workflows (#377 )

2025-11-25 23:51:03 +02:00

rules.yml

feat: use our own actions in our workflows (#377 )

2025-11-25 23:51:03 +02:00

README.md

ivuorinen/actions/security-scan

Security Scan

Description

Comprehensive security scanning for GitHub Actions including actionlint, Gitleaks (optional), and Trivy vulnerability scanning. Requires 'security-events: write' and 'contents: read' permissions in the workflow.

Inputs

name	description	required	default
`gitleaks-license`	Gitleaks license key (required for Gitleaks scanning)	`false`	`""`
`gitleaks-config`	Path to Gitleaks config file	`false`	`.gitleaks.toml`
`trivy-severity`	Severity levels to scan for (comma-separated)	`false`	`CRITICAL,HIGH`
`trivy-scanners`	Types of scanners to run (comma-separated)	`false`	`vuln,config,secret`
`trivy-timeout`	Timeout for Trivy scan	`false`	`10m`
`actionlint-enabled`	Enable actionlint scanning	`false`	`true`
`token`	GitHub token for authentication	`false`	`""`

Outputs

name	description
`has_trivy_results`	Whether Trivy scan produced valid results
`has_gitleaks_results`	Whether Gitleaks scan produced valid results
`total_issues`	Total number of security issues found
`critical_issues`	Number of critical security issues found

Runs

This action is a composite action.

Usage

- uses: ivuorinen/actions/security-scan@main
  with:
    gitleaks-license:
    # Gitleaks license key (required for Gitleaks scanning)
    #
    # Required: false
    # Default: ""

    gitleaks-config:
    # Path to Gitleaks config file
    #
    # Required: false
    # Default: .gitleaks.toml

    trivy-severity:
    # Severity levels to scan for (comma-separated)
    #
    # Required: false
    # Default: CRITICAL,HIGH

    trivy-scanners:
    # Types of scanners to run (comma-separated)
    #
    # Required: false
    # Default: vuln,config,secret

    trivy-timeout:
    # Timeout for Trivy scan
    #
    # Required: false
    # Default: 10m

    actionlint-enabled:
    # Enable actionlint scanning
    #
    # Required: false
    # Default: true

    token:
    # GitHub token for authentication
    #
    # Required: false
    # Default: ""