action.yaml

name: 'Clair V4'
description: 'Scans container images for vulnerabilities'
author: 'Red Hat'
inputs:
  image-ref:
    description: 'A remote reference for the image to be scanned'
    required: false
    default: ''
  image-path:
    description: 'A path to the image .tar file (generated from the docker save command) to be scanned'
    required: false
    default: ''
  format:
    description: 'In which format to produce the results'
    required: false
    default: 'sarif'
  output:
    description: 'Where to put the results'
    required: false
    default: ''
  return-code:
    description: 'What code to return if vulnerabilities are found'
    required: false
    default: '0'
  db-file-url:
    description: 'URL of the Sqlite3 zstd-compressed vulnerability database'
    required: false
    default: ''
  docker-config-dir:
    description: 'Path to the docker config dir for the image registry where image-ref is stored'
    required: false
    default: ''
  mode:
    description: 'Whether you want a report or to update the vulnerability database, choose report or update'
    required: false
    default: 'report'
  db-file:
    description: 'Vulnerability database file created for mode `update` or DB file used for `report` mode'
    required: false
    default: ''

runs:
  using: "docker"
  image: "Dockerfile"
  args:
    - '-r ${{ inputs.image-ref }}'
    - '-p ${{ inputs.image-path }}'
    - '-f ${{ inputs.format }}'
    - '-o ${{ inputs.output }}'
    - '-c ${{ inputs.return-code }}'
    - '-d ${{ inputs.db-file-url }}'
    - '-u ${{ inputs.docker-config-dir }}'
    - '-w ${{ inputs.mode }}'
    - '-b ${{ inputs.db-file }}'