Supporting running client with --tool (#17)

davidknise · web-flow · commit 406e72a7cf97 · 2022-04-25T10:18:48.000-07:00
Supporting running client with --tools (#17)
diff --git a/action.yml b/action.yml
@@ -14,6 +14,8 @@ inputs:
     description: A comma separated list of analyzer categories to run. Values secrets, code, artifacts, IaC, containers. Example IaC,secrets. Defaults to all.
   languages:
     description: A comma separated list of languages to analyze. Example javascript, typescript. Defaults to all.
+  tools:
+    description: A comma separated list of analyzer tools to run. Example bandit, binskim, eslint, template-analyzer, terrascan, trivy.
 outputs:
   sarifFile:
     description: A file path to a SARIF results file.
diff --git a/lib/action.js b/lib/action.js
@@ -67,6 +67,17 @@ function run() {
                 }
             }
         }
+        let toolsString = core.getInput('tools');
+        if (!client.isNullOrWhiteSpace(toolsString)) {
+            let tools = toolsString.split(',');
+            args.push('--tool');
+            for (let i = 0; i < tools.length; i++) {
+                let tool = tools[i];
+                if (!client.isNullOrWhiteSpace(tool)) {
+                    args.push(tool.trim());
+                }
+            }
+        }
         args.push('--github');
         yield client.run(args, 'microsoft/security-devops-action');
     });
diff --git a/node_modules/.package-lock.json b/node_modules/.package-lock.json
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
     "name": "microsoft-security-devops-action",
-    "version": "1.4.0",
+    "version": "1.5.0",
     "description": "Node dependencies for the microsoft/security-devops-action.",
     "scripts": {
         "test": "mocha"
diff --git a/src/action.ts b/src/action.ts
@@ -45,6 +45,18 @@ async function run() {
         }
     }
 
+    let toolsString: string = core.getInput('tools');
+    if (!client.isNullOrWhiteSpace(toolsString)) {
+        let tools = toolsString.split(',');
+        args.push('--tool');
+        for (let i = 0; i < tools.length; i++) {
+            let tool = tools[i];
+            if (!client.isNullOrWhiteSpace(tool)) {
+                args.push(tool.trim());
+            }
+        }
+    }
+
     args.push('--github');
 
     await client.run(args, 'microsoft/security-devops-action');

Original file line number	Diff line number	Diff line change
`@@ -67,6 +67,17 @@ function run() {`
`67`	`67`	`}`
`68`	`68`	`}`
`69`	`69`	`}`
	`70`	`+ let toolsString = core.getInput('tools');`
	`71`	`+ if (!client.isNullOrWhiteSpace(toolsString)) {`
	`72`	`+ let tools = toolsString.split(',');`
	`73`	`+ args.push('--tool');`
	`74`	`+ for (let i = 0; i < tools.length; i++) {`
	`75`	`+ let tool = tools[i];`
	`76`	`+ if (!client.isNullOrWhiteSpace(tool)) {`
	`77`	`+ args.push(tool.trim());`
	`78`	`+ }`
	`79`	`+ }`
	`80`	`+ }`
`70`	`81`	`args.push('--github');`
`71`	`82`	`yield client.run(args, 'microsoft/security-devops-action');`
`72`	`83`	`});`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "microsoft-security-devops-action",`
`3`		`- "version": "1.4.0",`
	`3`	`+ "version": "1.5.0",`
`4`	`4`	`"description": "Node dependencies for the microsoft/security-devops-action.",`
`5`	`5`	`"scripts": {`
`6`	`6`	`"test": "mocha"`