Open woodruffw opened 2 years ago
It's a great idea, but I am mostly looking to just commit the results to a file in the same GitHub Actions execution, so it gets tracked as a repo file. I could not work out how to send output in markdown format to a local file.
You can currently use outputs.internal-be-careful-output for that. That may or may not be ideal for your case, however, since that output is the human-readable column format and not JSON.
Learned a lot of new things trying to tend to this one. I copied the code I managed to blend this into below for anyone like myself who is less familiar with GitHub Actions configuration.
```yaml
      - id: gen-cve-output
        uses: pypa/gh-action-pip-audit@v1.1.0
        with:
          inputs: $GITHUB_WORKSPACE/tmp/requirements.txt
      # Store results of the run to $GITHUB_WORKSPACE/security_scans.md
      - name: store_to_markdown
        # Pass the output through env rather than expanding ${{ }} inside run:,
        # so shell metacharacters in the audit text are written, not executed,
        # and quote it so the column layout survives intact.
        env:
          AUDIT_OUTPUT: ${{ steps.gen-cve-output.outputs.internal-be-careful-output }}
        run: |
          echo "storing to file: $AUDIT_OUTPUT"
          printf '%s\n' "$AUDIT_OUTPUT" > "$GITHUB_WORKSPACE/security_scans.md"
          echo "saved."
      - name: create_pr
        uses: peter-evans/create-pull-request@v7
        with:
          commit-message: "Pip-audit found issues"
          branch-suffix: timestamp
          branch: pip-audit-issues
          title: "Pip-audit found CVE security issues 🚨"
```
So, this was just a random thought I had: some users might want to integrate the results of this action's workflow run(s) into other alerting systems, like a Slack channel.
Supporting every possible integration would be tedious, so we could instead allow a user to specify a URL that the action would perform an HTTP POST to if one or more vulnerabilities were found. For example:
Not sure if this is a good idea or not, but wanted to record it.
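As an added example serving both the markdown-storing step above and the webhook idea (this is not code from the thread or from the pip-audit action): a step script that takes the action output through an environment variable, so that the text never goes through `${{ }}` expansion inside `run:` where shell metacharacters in it would be executed, and that POSTs an alert only when findings exist. The variable names AUDIT_OUTPUT, REPORT_PATH and WEBHOOK_URL and the JSON payload shape are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the pip-audit action or this thread): a step script that reads
# the action output from an env var set in the step's `env:` block instead of expanding
# ${{ ... }} inside `run:`, so the audit text is never parsed as shell, and that POSTs an
# alert only when findings exist. Assumed env: AUDIT_OUTPUT, REPORT_PATH, WEBHOOK_URL.
set -eu

# Write the raw audit output into a markdown report as a fenced block.
# \140 is a backtick in octal, so this script can itself sit inside a markdown fence.
write_report() {
  local report="$1" output="${2:-}"
  {
    printf '# pip-audit results\n\n'
    if [ -z "$output" ]; then
      printf 'No known vulnerabilities reported.\n'
    else
      printf '\140\140\140text\n%s\n\140\140\140\n' "$output"
    fi
  } > "$report"
}

# Escape a string for use inside a JSON string literal (backslash, quote, newline).
json_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' \
    | awk '{ printf "%s%s", (NR > 1 ? "\\n" : ""), $0 }'
}

# Build the webhook payload: repository, run URL and the findings text.
# The fallback repo/run values are constructed placeholders for local runs.
alert_payload() {
  local output="$1" repo="${GITHUB_REPOSITORY:-example/repo}"
  local run="${GITHUB_SERVER_URL:-https://github.com}/$repo/actions/runs/${GITHUB_RUN_ID:-0}"
  printf '{"repository":"%s","run_url":"%s","findings":"%s"}' \
    "$(json_escape "$repo")" "$(json_escape "$run")" "$(json_escape "$output")"
}

# POST the payload only when there are findings and a webhook URL is configured.
notify_if_vulnerable() {
  local output="$1" url="${2:-}"
  [ -n "$output" ] && [ -n "$url" ] || return 0
  curl --silent --show-error --fail -X POST -H 'Content-Type: application/json' \
    --data-binary "$(alert_payload "$output")" "$url"
}

# Workflow entry point: runs only when the step supplies REPORT_PATH.
if [ -n "${REPORT_PATH:-}" ]; then
  write_report "$REPORT_PATH" "${AUDIT_OUTPUT:-}"
  notify_if_vulnerable "${AUDIT_OUTPUT:-}" "${WEBHOOK_URL:-}"
fi
```

In the workflow, the step would set `env: AUDIT_OUTPUT: ${{ steps.gen-cve-output.outputs.internal-be-careful-output }}` and run this script; the fenced report can then be committed or attached to the pull request.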