
Commit 00f556b

v1.4.1 (#141)
* (v1.4.1 hotfix) Fix multi-arch container image scanning (#138) * added multi-arch image workflow * disable scan validator * debugging multi arch CICD * added 'platform' argument to action.yml * set action version to investigation branch * test amd64 images * test multi-arch matrix * verify workaround * Add multi-platform validation to prevent regression of platform argument - Add validate_multi_platform_image_support.py script to validate SBOM architecture matches expected platform - Update test_multi_arch_images.yml workflow to validate platform argument is correctly passed through to inspector-sbomgen * re-enable inspector scan validation * remove inspector-scan validator, not applicable * remove boilerplate * test action against multi-arch fix * revert test workflows to v1.4.0 * remove emoji characters from console logs * update workflows to v1.4.1 (#139) * update multi arch test to v1.4.1 (#140) * update version.txt to v1.4.1
1 parent c55a96c commit 00f556b

16 files changed

+151
-13
lines changed

.github/workflows/build_scan_container.yml

Lines changed: 1 addition & 1 deletion
@@ -52,7 +52,7 @@ jobs:
5252
role-to-assume: ${{ secrets.AWS_IAM_ROLE }}
5353

5454
- name: Scan built image with Inspector
55-
uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1.4.0
55+
uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1.4.1
5656
id: inspector
5757
with:
5858
artifact_type: 'container'

.github/workflows/example_display_findings.yml

Lines changed: 1 addition & 1 deletion
@@ -33,7 +33,7 @@ jobs:
3333
# modify this block to scan your intended artifact
3434
- name: Inspector Scan
3535
id: inspector
36-
uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1.4.0
36+
uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1.4.1
3737
with:
3838
# change artifact_type to either 'repository', 'container', 'binary', or 'archive'.
3939
# this example scans a container image

.github/workflows/example_vulnerability_threshold_exceeded.yml

Lines changed: 1 addition & 1 deletion
@@ -48,7 +48,7 @@ jobs:
4848

4949
# Inspector scan
5050
- name: Scan container with Inspector
51-
uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1.4.0
51+
uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1.4.1
5252
id: inspector
5353
with:
5454
artifact_type: 'container' # configure Inspector for scanning a container

.github/workflows/test_archive.yml

Lines changed: 1 addition & 1 deletion
@@ -36,7 +36,7 @@ jobs:
3636

3737
- name: Test archive scan
3838
id: inspector
39-
uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1.4.0
39+
uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1.4.1
4040
with:
4141
artifact_type: 'archive'
4242
artifact_path: 'entrypoint/tests/test_data/artifacts/archives/testData.zip'

.github/workflows/test_binary.yml

Lines changed: 1 addition & 1 deletion
@@ -36,7 +36,7 @@ jobs:
3636

3737
- name: Test binary scan
3838
id: inspector
39-
uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1.4.0
39+
uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1.4.1
4040
with:
4141
artifact_type: 'binary'
4242
artifact_path: 'entrypoint/tests/test_data/artifacts/binaries/inspector-sbomgen'

.github/workflows/test_containers.yml

Lines changed: 1 addition & 1 deletion
@@ -36,7 +36,7 @@ jobs:
3636

3737
- name: Test container scan
3838
id: inspector
39-
uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1.4.0
39+
uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1.4.1
4040
with:
4141
artifact_type: 'container'
4242
artifact_path: 'ubuntu:14.04'

.github/workflows/test_dockerfile_vulns.yml

Lines changed: 1 addition & 1 deletion
@@ -35,7 +35,7 @@ jobs:
3535

3636
- name: Scan Dockerfiles
3737
id: inspector
38-
uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1.4.0
38+
uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1.4.1
3939
with:
4040
artifact_type: 'repository'
4141
artifact_path: './'

.github/workflows/test_installation.yml

Lines changed: 1 addition & 1 deletion
@@ -32,7 +32,7 @@ jobs:
3232
role-to-assume: ${{ secrets.AWS_IAM_ROLE }}
3333

3434
- name: Test Amazon Inspector GitHub Actions plugin
35-
uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1.4.0
35+
uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1.4.1
3636
with:
3737
artifact_type: 'container'
3838
artifact_path: 'alpine:latest'
Lines changed: 63 additions & 0 deletions
@@ -0,0 +1,63 @@
1+
name: Test Multi-arch images
2+
3+
on:
4+
schedule:
5+
- cron: '0 */6 * * *' # runs every 6 hours
6+
push:
7+
branches: #
8+
- '*'
9+
10+
permissions:
11+
contents: read
12+
id-token: write
13+
14+
jobs:
15+
test_multi_arch:
16+
runs-on: ubuntu-latest
17+
environment:
18+
name: plugin-development
19+
strategy:
20+
matrix:
21+
platform:
22+
- "linux/386"
23+
- "linux/amd64"
24+
- "linux/arm/v5"
25+
- "linux/arm/v7"
26+
- "linux/arm64/v8"
27+
- "linux/ppc64le"
28+
- "linux/riscv64"
29+
- "linux/s390x"
30+
31+
steps:
32+
33+
- name: Checkout this repository
34+
uses: actions/checkout@v4
35+
36+
- name: Configure AWS credentials
37+
uses: aws-actions/configure-aws-credentials@v4
38+
with:
39+
aws-region: ${{ secrets.AWS_REGION }}
40+
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
41+
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
42+
role-to-assume: ${{ secrets.AWS_IAM_ROLE }}
43+
44+
- name: Test multi-arch image - ${{ matrix.platform }}
45+
id: inspector
46+
uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1.4.1
47+
with:
48+
artifact_type: 'container'
49+
artifact_path: 'debian:trixie'
50+
platform: ${{ matrix.platform }}
51+
display_vulnerability_findings: "enabled"
52+
sbomgen_version: "latest"
53+
54+
- name: Demonstrate SBOM Output (JSON)
55+
run: cat ${{ steps.inspector.outputs.artifact_sbom }}
56+
57+
- name: Display scan results
58+
run: cat ${{ steps.inspector.outputs.inspector_scan_results }}
59+
60+
- name: Validate multi-arch - ${{ matrix.platform }}
61+
run: python3 validator/validate_multi_platform_image_support.py --platform "${{ matrix.platform }}" --sbom "${{ steps.inspector.outputs.artifact_sbom }}"
62+
63+
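Review bot: The `push` trigger's `branches: - '*'` does not match branch names containing a `/` (GitHub's `*` glob stops at path separators), so pushes to `feature/...`-style branches never run this multi-arch regression check; if every branch is intended, use `- '**'`, and drop the dangling `#` on `branches: #`. The job grants `id-token: write` while the configure-aws-credentials step is given both static `aws-access-key-id`/`aws-secret-access-key` and `role-to-assume`; if the role is meant to be assumed via OIDC the static keys are a redundant long-lived credential that should be removed, and if the keys are the intended path the `id-token: write` permission is unneeded — confirm which is meant and keep only that one. `actions/checkout@v4` and `aws-actions/configure-aws-credentials@v4` are referenced by mutable tags; pinning to a commit SHA with a `# v4` comment is the usual hardening for a workflow that has access to environment secrets. `sbomgen_version: "latest"` and `artifact_path: 'debian:trixie'` are both floating references, which makes a failing scheduled run hard to reproduce; a comment such as `# intentionally unpinned: this canary tracks the latest sbomgen release` would at least record that this is deliberate.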

.github/workflows/test_no_vulns.yml

Lines changed: 1 addition & 1 deletion
@@ -32,7 +32,7 @@ jobs:
3232

3333
- name: Test binary scan
3434
id: inspector
35-
uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1.4.0
35+
uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1.4.1
3636
with:
3737
artifact_type: 'binary'
3838
artifact_path: 'entrypoint/tests/test_data/artifacts/binaries/test_go_binary'
