aquasecurity / trivy-action

Runs Trivy as GitHub action to scan your Docker container image for vulnerabilities
Apache License 2.0

[fix] Use environment variable for GitHub API #362

Open martincostello opened 1 month ago

martincostello commented 1 month ago

Use GITHUB_API_URL (docs) for the request to the dependency snapshot endpoint so requests work in GitHub Enterprise Server where the API isn't found at api.github.com.

Resolves #312.

CLAassistant commented 1 month ago

CLA assistant check
All committers have signed the CLA.

simar7 commented 1 month ago

Thanks for the PR! Rather than passing this in as-is, can we define a custom variable that can be overwritten by the user if needed but has a default value of what we have today? That would ensure we don't break backwards compatibility with the existing users in case there's any issue with this change. WDYT?

simar7 commented 1 month ago

It would also be helpful if you can test this change and share the results with us.

martincostello commented 1 month ago

Added the ability to override the value. I'm afraid I can't test this in our GitHub Enterprise instance as we're currently only trialling GitHub Advanced Security, and our license has now expired.
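
The fallback order discussed in this thread (a user-settable override, then the runner's GITHUB_API_URL, then api.github.com), sketched as an added example; it is not code from this PR or from trivy-action. The variable name API_URL_OVERRIDE, the function names and the sample hosts are hypothetical, and the HTTPS check is an extra assumption on the grounds that the snapshot request is authenticated.

```shell
#!/bin/sh
# Added example: choose the API base URL for the dependency snapshot request.
# API_URL_OVERRIDE is a hypothetical name for the user-settable variable.
# GITHUB_API_URL is set by the Actions runner; on GitHub Enterprise Server it
# has the form https://HOSTNAME/api/v3.

DEFAULT_API_URL="https://api.github.com"

# Precedence: explicit override, then runner value, then today's default.
# ":-" treats an empty variable like an unset one, so a blank input falls through.
resolve_api_url() {
  url="${API_URL_OVERRIDE:-${GITHUB_API_URL:-$DEFAULT_API_URL}}"
  # Strip trailing slashes so joining a path never produces "//repos".
  while [ "${url%/}" != "$url" ]; do url="${url%/}"; done
  case "$url" in
    *[[:space:]]*)
      echo "refusing API URL containing whitespace" >&2; return 1 ;;
    https://?*) ;;
    *)
      # The request is authenticated, so never send it over plaintext.
      echo "refusing non-HTTPS API URL: $url" >&2; return 1 ;;
  esac
  printf '%s\n' "$url"
}

# Build the dependency snapshot endpoint for an "owner/repo" slug.
snapshot_endpoint() {
  base="$(resolve_api_url)" || return 1
  case "$1" in
    ?*/?*) ;;
    *) echo "expected owner/repo, got: $1" >&2; return 1 ;;
  esac
  printf '%s/repos/%s/dependency-graph/snapshots\n' "$base" "$1"
}

# Constructed sample slug, used only when GITHUB_REPOSITORY is not set.
snapshot_endpoint "${GITHUB_REPOSITORY:-octo-org/example-repo}"
```

With neither variable set, existing github.com users get the same URL as before, which is the backwards-compatibility property asked for above.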