The GitHub Action that checks Docker image vulnerabilities on Quay.io registry

atilsensalduz/quay-image-vulnerability-check-action

Quay Vulnerability Check GitHub Action

This GitHub Action checks Docker images on the Quay.io registry for vulnerabilities.

Usage

Inputs

  • organization (required): The organization name on Quay.io where the repository is located.
  • repository (required): The name of the repository on Quay.io to check for vulnerabilities.
  • image_tag (required): The tag of the Docker image in the specified repository to check for vulnerabilities.
  • quay_token (required): The Quay.io authentication token with the necessary permissions to access the repository and perform vulnerability checks.
  • severities (optional): Comma-separated list of allowed severities. Example: 'High,Critical'. If not provided, all severities will be considered. Allowed values: Unknown, Low, Medium, High, Critical.
  • exit_code (optional): The exit code to be set if vulnerabilities are found. Allowed values: 0 (default) or 1.
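
How the severities and exit_code inputs can combine into a pass/fail gate, as an added example that is not the action's own code. It assumes a scan report shaped like the Layer/Features/Vulnerabilities JSON of a Quay security scan; the sample report, its CVE ids, and the function names are constructed, and case-insensitive matching and failing on an unscanned image are choices made here.

```python
import json

ALLOWED = ("Unknown", "Low", "Medium", "High", "Critical")

# Constructed sample report; the shape is an assumption, the ids are placeholders.
SAMPLE_REPORT = json.loads("""
{"status": "scanned", "data": {"Layer": {"Features": [
  {"Name": "openssl", "Version": "1.1.1k", "Vulnerabilities": [
    {"Name": "CVE-0000-0001", "Severity": "Critical", "FixedBy": "1.1.1n"},
    {"Name": "CVE-0000-0002", "Severity": "Low", "FixedBy": ""}]},
  {"Name": "zlib", "Version": "1.2.11", "Vulnerabilities": [
    {"Name": "CVE-0000-0003", "Severity": "High", "FixedBy": "1.2.12"}]},
  {"Name": "bash", "Version": "5.1", "Vulnerabilities": []}
]}}}
""")


def parse_severities(raw):
    """Turn 'High, Critical' into {'High', 'Critical'}; empty input means all."""
    if not raw or not raw.strip():
        return set(ALLOWED)
    canonical = {s.lower(): s for s in ALLOWED}
    wanted = set()
    for item in (p.strip() for p in raw.split(",") if p.strip()):
        if item.lower() not in canonical:
            # Reject typos instead of silently filtering everything out.
            raise ValueError(f"unsupported severity: {item!r}")
        wanted.add(canonical[item.lower()])
    return wanted


def gate(report, severities="", exit_code=0):
    """Return (findings, code); code equals exit_code only if findings exist."""
    if exit_code not in (0, 1):
        raise ValueError("exit_code must be 0 or 1")
    if report.get("status") != "scanned":
        # An image that has not been scanned is not a clean image.
        raise RuntimeError(f"scan not available: {report.get('status')!r}")
    wanted = parse_severities(severities)
    findings = []
    for feat in report["data"]["Layer"].get("Features") or []:
        for vuln in feat.get("Vulnerabilities") or []:
            sev = vuln.get("Severity") or "Unknown"
            if sev in wanted:
                findings.append((sev, feat["Name"], vuln["Name"]))
    return findings, (exit_code if findings else 0)
```
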

Example Workflow

name: Quay Vulnerability Check

on:
  workflow_dispatch:
    inputs:
      organization:
        description: 'Quay organization'
        required: true
      repository:
        description: 'Quay repository'
        required: true
      image_tag:
        description: 'Docker image tag'
        required: true

jobs:
  check-vulnerabilities:
    runs-on: ubuntu-latest

    steps:
    - name: Checkout Repository
      uses: actions/checkout@v4

    - name: Run Quay Vulnerability Check
      uses: atilsensalduz/quay-image-vulnerability-check-action@v0.9.0
      with:
        organization: ${{ inputs.organization }}
        repository: ${{ inputs.repository }}
        image_tag: ${{ inputs.image_tag }}
        quay_token: ${{ secrets.QUAY_TOKEN }}
        severities: "High, Critical"
        exit_code: "1"

    # Publish the report even when the check step fails the job.
    - name: Generate Report on Action Summary
      if: always()
      run: |
        cat vulnerabilities_report.md >> "$GITHUB_STEP_SUMMARY"
