Fix trivy table log output

.docs/cve_scan.md

@@ -21,6 +21,7 @@ release_branch - Optional. Set minor version of release you want to scan. e.g.:
 scan_several_lastest_releases - Optional. Whether to scan last several releases or not. true/false. For scheduled pipelines it is always true. Default is: false.
 latest_releases_amount - Optional. Number of latest releases to scan. Default is: 3
 severity - Optional. Vulnerabilities severity to scan. Default is: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
+TRIVY_REPORTS_LOG_OUTPUT - 0 - no output, 1 - only CVE, 2 - CVE & License. Output Trivy reports into CI job log, default - 2
 ```
 
 ### Job level

cve_scan/action.yml

@@ -52,6 +52,9 @@ inputs:
   module_dev_registry_custom_path:
     description: 'Module custom path in dev registry. Example: flant/modules'
     required: false
+  trivy_reports_log_output:
+    description: '0 - no output, 1 - only CVE, 2 - CVE & License. Output Trivy reports into CI job log, default - 2'
+    required: false
 
 runs:
   using: "composite"
@@ -76,6 +79,7 @@ runs:
         SEVERITY: "${{inputs.severity || 'UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL'}}"
         MODULE_PROD_REGISTRY_PATH: "${{inputs.module_prod_registry_custom_path || 'deckhouse/fe/modules'}}"
         MODULE_DEV_REGISTRY_PATH: "${{inputs.module_dev_registry_custom_path || 'sys/deckhouse-oss/modules'}}"
+        TRIVY_REPORTS_LOG_OUTPUT: "${{inputs.trivy_reports_log_output || '2'}}"
       run: |
         echo "Creating workdir"
         workdir="trivy_scan"
@@ -296,32 +300,36 @@ runs:
             IMAGE_HASH="$(jq -rc '.value' <<< "$line")"
 
             if [ "$additional_image_detected" == true ]; then
-              if [ "${TRIVY_REPORTS_LOG_OUTPUT}" != "false" ]; then
+              if [ "${TRIVY_REPORTS_LOG_OUTPUT}" -ne 0 ]; then
                 # CVE Scan
                 trivy_scan "table" "--scanners vuln" "" "${module_image}:${module_tag}"
-                # License scan
-                trivy_scan "table" "--scanners license --license-full" "" "${module_image}:${module_tag}"
+                # if [ "${TRIVY_REPORTS_LOG_OUTPUT}" -eq 2 ]; then
+                #   # License scan
+                #   trivy_scan "table" "--scanners license --license-full" "" "${module_image}:${module_tag}"
+                # fi
               fi
               # CVE Scan
               trivy_scan "json" "--scanners vuln" "--output ${module_reports}/ext_${MODULE_NAME}_${IMAGE_NAME}_report.json" "${module_image}:${module_tag}"
               # License scan
-              trivy_scan "json" "--scanners license --license-full" "--output ${module_reports}/ext_${MODULE_NAME}_${IMAGE_NAME}_report_license.json" "${module_image}:${module_tag}"
+              # trivy_scan "json" "--scanners license --license-full" "--output ${module_reports}/ext_${MODULE_NAME}_${IMAGE_NAME}_report_license.json" "${module_image}:${module_tag}"
             else
-              if [ "${TRIVY_REPORTS_LOG_OUTPUT}" != "false" ]; then
+              if [ "${TRIVY_REPORTS_LOG_OUTPUT}" -ne 0 ]; then
                 # CVE Scan
                 trivy_scan "table" "--scanners vuln" "" "${module_image}@${IMAGE_HASH}"
-                # License scan
-                trivy_scan "table" "--scanners license --license-full" "" "${module_image}@${IMAGE_HASH}"
+                # if [ "${TRIVY_REPORTS_LOG_OUTPUT}" -eq 2 ]; then
+                #   # License scan
+                #   trivy_scan "table" "--scanners license --license-full" "" "${module_image}@${IMAGE_HASH}"
+                # fi
               fi
               # CVE Scan
               trivy_scan "json" "--scanners vuln" "--output ${module_reports}/ext_${MODULE_NAME}_${IMAGE_NAME}_report.json" "${module_image}@${IMAGE_HASH}"
               # License scan
-              trivy_scan "json" "--scanners license --license-full" "--output ${module_reports}/ext_${MODULE_NAME}_${IMAGE_NAME}_report_license.json" "${module_image}@${IMAGE_HASH}"
+              # trivy_scan "json" "--scanners license --license-full" "--output ${module_reports}/ext_${MODULE_NAME}_${IMAGE_NAME}_report_license.json" "${module_image}@${IMAGE_HASH}"
             fi
             echo "    Done"
 
             send_report "CVE" "${module_reports}/ext_${MODULE_NAME}_${IMAGE_NAME}_report.json" "${MODULE_NAME}" "${IMAGE_NAME}"
-            send_report "License" "${module_reports}/ext_${MODULE_NAME}_${IMAGE_NAME}_report_license.json" "${MODULE_NAME}" "${IMAGE_NAME}"
+            # send_report "License" "${module_reports}/ext_${MODULE_NAME}_${IMAGE_NAME}_report_license.json" "${MODULE_NAME}" "${IMAGE_NAME}"
           done < <(jq -rc 'to_entries[]' <<< "${digests}")
         done
         rm -r ${workdir}