aws-actions / vulnerability-scan-github-action-for-amazon-inspector

Scan artifacts with Amazon Inspector from GitHub Actions workflows.
https://docs.aws.amazon.com/inspector/
MIT License

Show severity and score from providers in addition to NVD in the summary report #72

Closed s-kenji closed 2 months ago

s-kenji commented 3 months ago

Description

Show severity and score from providers in addition to NVD in the summary report in GitHub Actions. The severity priority is the following order:

  1. NVD
  2. MITRE
  3. AMAZON_INSPECTOR (as Amazon Inspector does not provide a score, only the severity is displayed)

If severity is not provided by any provider, the severity and score will remain empty.

Related Issues: https://github.com/aws-actions/vulnerability-scan-github-action-for-amazon-inspector/issues/68

Logs:

time="2024-07-22 15:06:14" level=info msg="downloading and installing inspector-sbomgen version latest" file="orchestrator.py:17"
time="2024-07-22 15:06:15" level=info msg="generating SBOM from artifact" file="orchestrator.py:21"
INFO[0000] Amazon Inspector SBOM Generator v1.3.1 - linux arm64 - Copyright 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved
INFO[0000] [/usr/local/bin/inspector-sbomgen directory --path /tmp/python-proj --outfile /tmp/sbom_9943125441.json --disable-progress-bar --timeout 600]
INFO[0000] writing log file to: /Users/kensugim/.inspector-sbomgen/logs/inspector-sbomgen-log_2024-07-22_15-06-15.txt
INFO[2024-07-22 15:06:15]coreV1.go:34: initializing target artifact
INFO[2024-07-22 15:06:15]coreV1.go:44: executing pre-processors
INFO[2024-07-22 15:06:15]directory.go:180: walking the artifact
INFO[2024-07-22 15:06:15]coreV1.go:53: analyzing artifact
INFO[2024-07-22 15:06:15]coreV1.go:62: executing post-processors
INFO[2024-07-22 15:06:15]coreV1.go:71: encoding findings
INFO[2024-07-22 15:06:15]directories.go:243: encoded 19 components
INFO[2024-07-22 15:06:15]directory.go:242: cleaning up file system artifacts
INFO[2024-07-22 15:06:15]cli.go:62: Elapsed time: 130ms
time="2024-07-22 15:06:15" level=info msg="setting github actions output: artifact_sbom:/tmp/sbom_9943125441.json" file="orchestrator.py:233"
sh: line 1: : No such file or directory
time="2024-07-22 15:06:15" level=info msg="scanning SBOM contents with Amazon Inspector" file="orchestrator.py:25"
time="2024-07-22 15:06:16" level=info msg="setting github actions output: inspector_scan_results:/tmp/inspector_scan_9943125441.json" file="orchestrator.py:233"
sh: line 1: : No such file or directory
time="2024-07-22 15:06:16" level=info msg="tallying vulnerabilities" file="orchestrator.py:30"

    ------------------------------------
    Amazon Inspector Scan Summary:
    Artifact Name: /tmp/python-proj
    Artifact Type: repository
    2024-07-22 15:06:16
    ------------------------------------
    Total Vulnerabilities: 19
    Critical:   3
    High:       10
    Medium:     6
    Low:        0
    Other:      0

time="2024-07-22 15:06:16" level=info msg="setting github actions output: vulnerability_threshold_exceeded:0" file="orchestrator.py:233"
sh: line 1: : No such file or directory
time="2024-07-22 15:06:16" level=info msg="writing package vulnerability CSV report to: /tmp/inspector_scan_9943125441.csv" file="orchestrator.py:398"
time="2024-07-22 15:06:16" level=info msg="setting github actions output: inspector_scan_results_csv:/tmp/inspector_scan_9943125441.csv" file="orchestrator.py:233"
sh: line 1: : No such file or directory
time="2024-07-22 15:06:16" level=info msg="writing package vulnerability markdown report to: /tmp/inspector_scan_9943125441.md" file="orchestrator.py:416"
time="2024-07-22 15:06:16" level=info msg="posting Inspector scan findings to GitHub Actions step summary page" file="orchestrator.py:445"
time="2024-07-22 15:06:16" level=error msg="[Errno 21] Is a directory: '/tmp'" file="pkg_vuln.py:432"
time="2024-07-22 15:06:16" level=info msg="setting github actions output: inspector_scan_results_markdown:/tmp/inspector_scan_9943125441.md" file="orchestrator.py:233"
sh: line 1: : No such file or directory
time="2024-07-22 15:06:16" level=info msg="skipping dockerfile vulnerability CSV report because no vulnerabilities were detected" file="dockerfile.py:318"
time="2024-07-22 15:06:16" level=info msg="setting github actions output: inspector_dockerile_scan_results_csv:/tmp/inspector_dockerfile_scan_9943125441.csv" file="orchestrator.py:233"
sh: line 1: : No such file or directory
time="2024-07-22 15:06:16" level=info msg="skipping dockerfile vulnerability MD report because no vulnerabilities were detected" file="dockerfile.py:332"
time="2024-07-22 15:06:16" level=info msg="setting github actions output: inspector_dockerile_scan_results_markdown:/tmp/inspector_dockerfile_scan_9943125441.md" file="orchestrator.py:233"
sh: line 1: : No such file or directory
time="2024-07-22 15:06:16" level=info msg="posting Inspector Dockerfile scan findings to GitHub Actions step summary page" file="orchestrator.py:57"

Screenshots: before and after (images not reproduced here).
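The provider-priority rule this PR describes (NVD first, then MITRE, then AMAZON_INSPECTOR with severity only, and both fields left empty when no listed provider supplies a severity), worked through as an added example. This is not the action's own code and does not reproduce its report format; it assumes findings carry a CycloneDX-style `ratings` list whose entries have `source.name`, `severity` and optionally `score`, treats the summary's "Other" row as "anything outside critical/high/medium/low", and uses constructed sample findings with placeholder identifiers (`VULN-A` and so on, plus a made-up provider `SOME_OTHER_DB`) rather than real CVEs.

```python
"""Added example: pick the severity/score to show per finding, preferring
NVD, then MITRE, then AMAZON_INSPECTOR, and tally the result the way the
scan summary block does. This is not the action's own code. The finding
shape is an assumption modelled on CycloneDX ratings: each finding has a
"ratings" list whose entries carry source.name, severity and maybe score."""

PROVIDER_PRIORITY = ("NVD", "MITRE", "AMAZON_INSPECTOR")
SEVERITY_BUCKETS = ("critical", "high", "medium", "low")


def _format_score(score):
    """CVSS base scores carry one decimal; anything unparsable becomes ""."""
    try:
        return f"{float(score):.1f}"
    except (TypeError, ValueError):
        return ""


def pick_severity_and_score(ratings):
    """Return (severity, score) from the highest-priority provider that
    actually supplied a severity. AMAZON_INSPECTOR ratings contribute
    severity only, so their score is left empty. If none of the listed
    providers supplied a severity, both fields stay empty."""
    first_with_severity = {}
    for rating in ratings:
        provider = str((rating.get("source") or {}).get("name", "")).upper()
        severity = rating.get("severity")
        if provider and severity and provider not in first_with_severity:
            first_with_severity[provider] = rating
    for provider in PROVIDER_PRIORITY:
        rating = first_with_severity.get(provider)
        if rating is None:
            continue
        severity = str(rating["severity"]).lower()
        score = "" if provider == "AMAZON_INSPECTOR" else _format_score(rating.get("score"))
        return severity, score
    return "", ""


def tally_severities(findings):
    """Count findings per bucket as the summary block does. Anything that is
    not critical/high/medium/low, including an empty severity, is counted
    under "other" (assumed meaning of that row)."""
    counts = {bucket: 0 for bucket in SEVERITY_BUCKETS}
    counts["other"] = 0
    for finding in findings:
        severity, _ = pick_severity_and_score(finding.get("ratings", []))
        counts[severity if severity in SEVERITY_BUCKETS else "other"] += 1
    return counts


# Constructed sample findings; "VULN-x" are placeholders, not real CVE IDs.
SAMPLE_FINDINGS = [
    {"id": "VULN-A", "ratings": [  # NVD wins over Inspector's lower rating
        {"source": {"name": "NVD"}, "severity": "critical", "score": 9.8},
        {"source": {"name": "AMAZON_INSPECTOR"}, "severity": "high"}]},
    {"id": "VULN-B", "ratings": [  # no NVD rating, so MITRE is used
        {"source": {"name": "MITRE"}, "severity": "high", "score": 7.5},
        {"source": {"name": "AMAZON_INSPECTOR"}, "severity": "medium"}]},
    {"id": "VULN-C", "ratings": [  # Inspector only: severity, no score
        {"source": {"name": "AMAZON_INSPECTOR"}, "severity": "medium"}]},
    {"id": "VULN-D", "ratings": [  # NVD entry lacks severity; fall back to MITRE
        {"source": {"name": "NVD"}, "score": 8.1},
        {"source": {"name": "MITRE"}, "severity": "high", "score": 8.1}]},
    {"id": "VULN-E", "ratings": [  # provider outside the priority list: ignored
        {"source": {"name": "SOME_OTHER_DB"}, "severity": "low", "score": 3.1}]},
    {"id": "VULN-F", "ratings": []},  # no ratings at all
]

if __name__ == "__main__":
    for finding in SAMPLE_FINDINGS:
        print(finding["id"], pick_severity_and_score(finding["ratings"]))
    print(tally_severities(SAMPLE_FINDINGS))
```

Two edge cases worth noting when wiring a rule like this into a report: a provider entry that carries a score but no severity (VULN-D) should not win just because it is first in the priority list, and a provider outside the list (VULN-E) is deliberately ignored rather than silently promoted, which is why both fall through to the next candidate or to empty fields.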