Thank you for sharing great project.
I've tried gitriny
with the following container image but the action ended up with Node run failure.
2020-01-27T13:21:54.4994634Z ##[section]Starting: Request a runner to run this job
2020-01-27T13:21:54.7871803Z Requesting a hosted runner in current repository's account/organization with labels: 'ubuntu-18.04', require runner match: True
2020-01-27T13:21:55.3171886Z Labels matched hosted runners has been found, waiting for one of them get assigned for this job.
2020-01-27T13:21:55.3744625Z ##[section]Finishing: Request a runner to run this job
2020-01-27T13:22:03.9768657Z Current runner version: '2.164.0'
2020-01-27T13:22:03.9769676Z Prepare workflow directory
2020-01-27T13:22:03.9993272Z Prepare all required actions
2020-01-27T13:22:04.0004994Z Download action repository 'homoluctus/[email protected]'
2020-01-27T13:22:06.9668205Z ##[group]Run docker pull ${IMAGE_NAME}
2020-01-27T13:22:06.9668604Z �[36;1mdocker pull ${IMAGE_NAME}�[0m
2020-01-27T13:22:06.9699351Z shell: /bin/bash -e {0}
2020-01-27T13:22:06.9699725Z env:
2020-01-27T13:22:06.9699918Z IMAGE_NAME: python:3.4-alpine
2020-01-27T13:22:06.9700092Z ##[endgroup]
2020-01-27T13:22:10.8131530Z 3.4-alpine: Pulling from library/python
2020-01-27T13:22:11.1137759Z 8e402f1a9c57: Pulling fs layer
2020-01-27T13:22:11.1144014Z cda9ba2397ef: Pulling fs layer
2020-01-27T13:22:11.1144467Z aafecf9bbbfd: Pulling fs layer
2020-01-27T13:22:11.1144930Z bc2e7e266629: Pulling fs layer
2020-01-27T13:22:11.1145108Z e1977129b756: Pulling fs layer
2020-01-27T13:22:11.1145279Z bc2e7e266629: Waiting
2020-01-27T13:22:11.1145465Z e1977129b756: Waiting
2020-01-27T13:22:11.5266589Z 8e402f1a9c57: Download complete
2020-01-27T13:22:11.5374622Z cda9ba2397ef: Verifying Checksum
2020-01-27T13:22:11.5375959Z cda9ba2397ef: Download complete
2020-01-27T13:22:11.7110265Z aafecf9bbbfd: Verifying Checksum
2020-01-27T13:22:11.7112940Z aafecf9bbbfd: Download complete
2020-01-27T13:22:11.8999902Z 8e402f1a9c57: Pull complete
2020-01-27T13:22:11.9047050Z bc2e7e266629: Verifying Checksum
2020-01-27T13:22:11.9048847Z bc2e7e266629: Download complete
2020-01-27T13:22:11.9563324Z e1977129b756: Verifying Checksum
2020-01-27T13:22:11.9565009Z e1977129b756: Download complete
2020-01-27T13:22:12.1105703Z cda9ba2397ef: Pull complete
2020-01-27T13:22:13.0915180Z aafecf9bbbfd: Pull complete
2020-01-27T13:22:13.2057201Z bc2e7e266629: Pull complete
2020-01-27T13:22:13.4346141Z e1977129b756: Pull complete
2020-01-27T13:22:13.4598025Z Digest: sha256:c210b660e2ea553a7afa23b41a6ed112f85dbce25cbcb567c75dfe05342a4c4b
2020-01-27T13:22:13.4798315Z Status: Downloaded newer image for python:3.4-alpine
2020-01-27T13:22:13.4816420Z docker.io/library/python:3.4-alpine
2020-01-27T13:22:13.5227446Z ##[group]Run homoluctus/[email protected]
2020-01-27T13:22:13.5227579Z with:
2020-01-27T13:22:13.5228186Z token: ***
2020-01-27T13:22:13.5228284Z image: ${IMAGE_NAME}
2020-01-27T13:22:13.5228371Z issue: true
2020-01-27T13:22:13.5228460Z trivy_version: latest
2020-01-27T13:22:13.5228553Z severity: HIGH,CRITICAL
2020-01-27T13:22:13.5228642Z vuln_type: os,library
2020-01-27T13:22:13.5228730Z ignore_unfixed: false
2020-01-27T13:22:13.5228817Z issue_title: Security Alert
2020-01-27T13:22:13.5228914Z issue_label: trivy,vulnerability
2020-01-27T13:22:13.5229001Z env:
2020-01-27T13:22:13.5229091Z IMAGE_NAME: python:3.4-alpine
2020-01-27T13:22:13.5229179Z ##[endgroup]
2020-01-27T13:22:16.2164812Z Download URL: https://github.com/aquasecurity/trivy/releases/download/v0.4.3/trivy_0.4.3_Linux-64bit.tar.gz
2020-01-27T13:22:17.5238368Z Trivy Command Path: /home/runner/work/actions-sandbox/actions-sandbox/trivy
2020-01-27T13:22:17.5406895Z ##[error]Error: Failed vulnerability scan using Trivy.
stdout:
stderr:
erorr: undefined
at Trivy.scan (/home/runner/work/_actions/homoluctus/gitrivy/v1.0.0/dist/index.js:13332:15)
at /home/runner/work/_actions/homoluctus/gitrivy/v1.0.0/dist/index.js:6592:34
at Generator.next (<anonymous>)
at fulfilled (/home/runner/work/_actions/homoluctus/gitrivy/v1.0.0/dist/index.js:6555:58)
2020-01-27T13:22:17.5413224Z ##[error]Failed vulnerability scan using Trivy.
stdout:
stderr:
erorr: undefined
2020-01-27T13:22:17.5466913Z ##[error]Node run failed with exit code 1
2020-01-27T13:22:17.5477398Z Cleaning up orphan processes
I actually tried with a different container image, but I go the same result.