Azure · Phuurl · Dec 13, 2021 · Dec 13, 2021 · Dec 13, 2021
diff --git a/README.md b/README.md
@@ -25,6 +25,11 @@ Please checkout [Trivy](https://github.com/aquasecurity/trivy/blob/main/LICENSE)
     <td>(Required) The Docker image to be scanned</td>
     <td>''</td>
   </tr>
+  <tr>
+    <td><code>run-vuln-checks</code></td>
+    <td>(Optional) This is a boolean value. When set to `true`, Trivy is run over the container to check for vulnerabilities.</td>
+    <td>true</td>
+  </tr>
   <tr>
     <td><code>severity-threshold</code></td>
     <td>(Optional) Minimum severity threshold set to control flagging of the vulnerabilities found during the scan. The available levels are: (UNKNOWN, LOW, MEDIUM, HIGH, CRITICAL); if you set the severity-threshold to be `MEDIUM` every CVE found of a level higher than or equal to `MEDIUM` would be displayed</td>

diff --git a/__tests__/inputHelper.test.ts b/__tests__/inputHelper.test.ts
@@ -13,6 +13,7 @@ describe('Validate inputs', () => {
                 'username': 'username',
                 'password': 'password',
                 'severity-threshold': 'HIGH',
+                'run-vuln-checks': 'true',
                 'run-quality-checks': 'true'
             }
             mockedCore.__setMockInputValues(__mockInputValues);
@@ -30,6 +31,7 @@ describe('Validate inputs', () => {
                 'username': 'username',
                 'password': 'password',
                 'severity-threshold': 'HIGH',
+                'run-vuln-checks': 'true',
                 'run-quality-checks': 'true'
             }
             mockedCore.__setMockInputValues(__mockInputValues);

diff --git a/action.yaml b/action.yaml
@@ -4,6 +4,10 @@ inputs:
   image-name:
     description: 'Docker image to scan'
     required: true
+  run-vuln-checks:
+    description: 'Run vulnerability checks'
+    required: false
+    default: true
   severity-threshold:
     description: '(Optional) Minimum severity threshold set to control flagging of the vulnerabilities found during the scan. The available levels are: (UNKNOWN, LOW, MEDIUM, HIGH, CRITICAL); if you set the severity-threshold to be `MEDIUM` every CVE found of a level higher than or equal to `MEDIUM` would be displayed'
     required: false

diff --git a/lib/inputHelper.js b/lib/inputHelper.js
@@ -13,7 +13,12 @@ exports.githubToken = core.getInput("token");
 exports.username = core.getInput("username");
 exports.password = core.getInput("password");
 exports.severityThreshold = core.getInput("severity-threshold");
+exports.runVulnChecks = core.getInput("run-vuln-checks");
 exports.runQualityChecks = core.getInput("run-quality-checks");
+function isRunVulnChecksEnabled() {
+    return exports.runVulnChecks.toLowerCase() === "true";
+}
+exports.isRunVulnChecksEnabled = isRunVulnChecksEnabled;
 function isRunQualityChecksEnabled() {
     return exports.runQualityChecks.toLowerCase() === "true";
 }

diff --git a/lib/main.js b/lib/main.js
@@ -26,21 +26,28 @@ function run() {
     return __awaiter(this, void 0, void 0, function* () {
         inputHelper.validateRequiredInputs();
         allowedlistHandler.init();
-        const trivyResult = yield trivyHelper.runTrivy();
-        const trivyStatus = trivyResult.status;
-        if (trivyStatus === trivyHelper.TRIVY_EXIT_CODE) {
-            trivyHelper.printFormattedOutput();
-        }
-        else if (trivyStatus === 0) {
-            console.log("No vulnerabilities were detected in the container image");
+        let trivyResult;
+        let trivyStatus;
+        if (inputHelper.isRunVulnChecksEnabled()) {
+            trivyResult = yield trivyHelper.runTrivy();
+            trivyStatus = trivyResult.status;
+            if (trivyStatus === trivyHelper.TRIVY_EXIT_CODE) {
+                trivyHelper.printFormattedOutput();
+            }
+            else if (trivyStatus === 0) {
+                console.log("No vulnerabilities were detected in the container image");
+            }
+            else {
+                const errors = utils.extractErrorsFromLogs(trivyHelper.getTrivyLogPath(), trivyHelper.trivyToolName);
+                errors.forEach(err => {
+                    core.error(err);
+                });
+                throw new Error(`An error occurred while scanning container image: ${inputHelper.imageName} for vulnerabilities.`);
+            }
         }
         else {
-            const errors = utils.extractErrorsFromLogs(trivyHelper.getTrivyLogPath(), trivyHelper.trivyToolName);
-
-            errors.forEach(err => {
-                core.error(err);
-            });
-            throw new Error(`An error occurred while scanning container image: ${imageName} for vulnerabilities.`);
+            const trivyStatus = 0;
+            console.log("Skipping vulnerability checks");
         }
         let dockleStatus;
         if (inputHelper.isRunQualityChecksEnabled()) {

diff --git a/lib/utils.js b/lib/utils.js
@@ -169,4 +169,4 @@ function getCheckText(trivyStatus, dockleStatus) {
         text = `${text}\n${separator}\n${dockleText}`;
     }
     return text;
-}
+}
diff --git a/src/inputHelper.ts b/src/inputHelper.ts
@@ -5,8 +5,13 @@ export const githubToken = core.getInput("token");
 export const username = core.getInput("username");
 export const password = core.getInput("password");
 export const severityThreshold = core.getInput("severity-threshold");
+export const runVulnChecks = core.getInput("run-vuln-checks");
 export const runQualityChecks = core.getInput("run-quality-checks");
 
+export function isRunVulnChecksEnabled(): boolean {
+    return runVulnChecks.toLowerCase() === "true";
+}
+
 export function isRunQualityChecksEnabled(): boolean {
     return runQualityChecks.toLowerCase() === "true";
 }

diff --git a/src/main.ts b/src/main.ts
@@ -8,20 +8,28 @@ import * as utils from './utils';
 export async function run(): Promise<void> {
     inputHelper.validateRequiredInputs();
     allowedlistHandler.init();
-    const trivyResult = await trivyHelper.runTrivy();
-    const trivyStatus = trivyResult.status;
 
-    if (trivyStatus === trivyHelper.TRIVY_EXIT_CODE) {
-        trivyHelper.printFormattedOutput();
-    } else if (trivyStatus === 0) {
-        console.log("No vulnerabilities were detected in the container image");
-    } else {
-        const errors = utils.extractErrorsFromLogs(trivyHelper.getTrivyLogPath(), trivyHelper.trivyToolName);
+    let trivyResult: trivyHelper.TrivyResult;
+    let trivyStatus: number;
+    if (inputHelper.isRunVulnChecksEnabled()) {
+        trivyResult = await trivyHelper.runTrivy();
+        trivyStatus = trivyResult.status;
+
+        if (trivyStatus === trivyHelper.TRIVY_EXIT_CODE) {
+            trivyHelper.printFormattedOutput();
+        } else if (trivyStatus === 0) {
+            console.log("No vulnerabilities were detected in the container image");
+        } else {
+            const errors = utils.extractErrorsFromLogs(trivyHelper.getTrivyLogPath(), trivyHelper.trivyToolName);
 
-        errors.forEach(err => {
-            core.error(err);
-        });
-        throw new Error(`An error occurred while scanning container image: ${inputHelper.imageName} for vulnerabilities.`);
+            errors.forEach(err => {
+                core.error(err);
+            });
+            throw new Error(`An error occurred while scanning container image: ${inputHelper.imageName} for vulnerabilities.`);
+        }
+    } else {
+        const trivyStatus = 0;
+        console.log("Skipping vulnerability checks");
     }
 
     let dockleStatus: number;
-Original file line number
+Diff line change
@@ Expand Up / @@ -169,4 +169,4 @@ function getCheckText(trivyStatus, dockleStatus) { @@
             text = `${text}\n${separator}\n${dockleText}`;
         }
         return text;
-    }
+    }