run images scanning

Author: DenKoren

.github/workflows/0-scan-containers.yaml

@@ -0,0 +1,21 @@
+# This workflow is never used by any external repository.
+# It is created solely for testing purposes when developing new actions.
+# Feel free to change it however you want.
+name: "Scan containers"
+
+on:
+  workflow_call:
+  push:
+    paths:
+      - '.github/workflows/0-scan-containers.yaml'
+    branches: [ 'v4-beta' ]
+
+jobs:
+  run-test:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: milaboratory/github-ci/actions/docker/scan-repo@v4-beta
+        with:
+          registry: containers.pl-open.science
+          repository: milaboratories/pl-containers

actions/docker/scan-repo/action.yaml

@@ -11,13 +11,11 @@ inputs:
   registry:
     description: |
       Docker registry (i.e. quay.io, containers.pl-open.science and so on)
-    required: false
-    default: 'containers.pl-open.science'
+    required: true
   repository:
     description: |
       Repository inside the registry (i.e. milaboratories/pl-containers)
-    required: false
-    default: 'milaboratories/pl-containers'
+    required: true
   tag:
     description: |
       Tag to scan. Empty value starts all tags scanning.
@@ -55,7 +53,7 @@ inputs:
     description: |
       Format of the report.
     required: false
-    default: 'table'
+    default: 'json'
 
 outputs:
   report:

actions/docker/scan-repo/scan-images.sh

@@ -154,7 +154,8 @@ if [ "${success}" == "true" ]; then
     exit 0
 fi
 
-if [ -n "${REPORT_FILE}" ]; then
+log "Found issues in scanned images."
+if [ -n "${REPORT_FILE}" ] && [ "${REPORT_FORMAT}" == "json" ]; then
     log ""
     log "CVEs found:"
     cat "${REPORT_FILE}" |