feat(image): add --docker-host option for GH Action users (#267)

calinmarina · simar7 · web-flow · commit 0f287db5d30a · 2024-04-03T17:26:17.000-06:00
* add option to update docker-host via cli parameter

* chore: update test results

---------

Co-authored-by: simar7 &lt;1254783+simar7@users.noreply.github.com&gt;
diff --git a/action.yaml b/action.yaml
@@ -94,6 +94,9 @@ inputs:
   limit-severities-for-sarif:
     description: 'limit severities for SARIF format'
     required: false
+  docker-host:
+    description: 'unix domain socket path to use for docker scanning'
+    required: false
 
 runs:
   using: 'docker'
@@ -123,3 +126,4 @@ runs:
     - '-v ${{ inputs.trivy-config }}'
     - '-x ${{ inputs.tf-vars }}'
     - '-z ${{ inputs.limit-severities-for-sarif }}'
+    - '-y ${{ inputs.docker-host }}'
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 set -e
-while getopts "a:b:c:d:e:f:g:h:i:j:k:l:m:n:o:p:q:r:s:t:u:v:x:z:" o; do
+while getopts "a:b:c:d:e:f:g:h:i:j:k:l:m:n:o:p:q:r:s:t:u:v:x:y:z:" o; do
    case "${o}" in
        a)
          export scanType=${OPTARG}
@@ -71,6 +71,9 @@ while getopts "a:b:c:d:e:f:g:h:i:j:k:l:m:n:o:p:q:r:s:t:u:v:x:z:" o; do
        x)
          export tfVars=${OPTARG}
        ;;
+       y)
+         export dockerHost=${OPTARG}
+       ;;
        z)
          export limitSeveritiesForSARIF=${OPTARG}
        ;;
@@ -165,6 +168,9 @@ if [ "$hideProgress" == "true" ];then
   ARGS="$ARGS --quiet"
   SARIF_ARGS="$SARIF_ARGS --quiet"
 fi
+if [ "$dockerHost" == "true" ];then
+  ARGS="$ARGS --docker-host $dockerHost"
+fi
 
 listAllPkgs=$(echo $listAllPkgs | tr -d '\r')
 if [ "$listAllPkgs" == "true" ];then
diff --git a/test/test.bats b/test/test.bats
@@ -82,6 +82,14 @@ bats_load_library bats-file
   assert_files_equal yamlconfig.test ./test/data/yamlconfig.test
 }
 
+@test "trivy image with custom docker-host" {
+  # trivy image --docker-host unix:///var/run/docker.sock --severity CRITICAL --output image.test knqyf263/vuln-image:1.2.3
+  run ./entrypoint.sh '-y unix:///var/run/docker.sock' '-a image' '-i knqyf263/vuln-image:1.2.3' '-h image.test' '-g CRITICAL'
+  run diff image.test ./test/data/image.test
+  echo "$output"
+  assert_files_equal image.test ./test/data/image.test
+}
+
 @test "trivy config with terraform variables" {
   # trivy config --format json --severity  MEDIUM --output  tfvars.test --tf-vars  ./test/data/dev.tfvars ./test/data  
   run ./entrypoint.sh "-a config"  "-j ./test/data" "-h tfvars.test" "-g MEDIUM" "-x dev.tfvars" "-b json"
