SCAN-5495 : Expose timeout option. (#2)

Contrast-Security-OSS · Feb 14, 2024 · a232298 · a232298
1 parent e4d9c7a
commit a232298
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -109,11 +109,12 @@ up. After which, complete the following steps:
 - checks : If set, GitHub checks will be added to the current commit based on any vulnerabilities found.
 - codeQuality : Passes the -q option to the Contrast local scanner to include code quality rules in the scan.
 - label : Label to associate with the current scan. Defaults to the current ref e.g. **refs/heads/main**
-- memory : Memory setting passed to the underlying scan engine. Defaulted to 2g.
+- memory : Memory setting passed to the underlying scan engine. Defaulted to 8g.
 - path : Path to scan with Contrast local scanner. Defaults to the current repository path.
 - projectName : Project to associate scan with. Defaults to current GitHub repository name e.g. **Contrast-Security-OSS/contrast-local-scan-action**
 - resourceGroup : Passes the -r option to the Contrast local scanner to associate newly created projects with the specified resource group.
 - severity : Set this to cause the build to fail if vulnerabilities are found at this severity or higher. Valid values are critical, high, medium, low, note.
+- timeout: Execution timeout (in seconds) setting passed to the underlying scan engine. Defaulted to 60 minutes.
 
 
 

diff --git a/action.yml b/action.yml
@@ -30,7 +30,7 @@ inputs:
   label:
     description: Label to associate with the current scan. Defaults to the current ref e.g. refs/heads/main
   memory:
-    description: Memory setting passed to the underlying scan engine. Defaulted to 2g
+    description: Memory setting passed to the underlying scan engine. Defaulted to 8g
     required: false
   path:
     description: Path to scan with local scanner. Defaults to the current repository path.
@@ -52,6 +52,9 @@ inputs:
       Set this to cause the build to fail if vulnerabilities are found exceeding this severity or higher. 
       Valid values are CRITICAL, HIGH, MEDIUM, LOW, NOTE.
     required: false
+  timeout:
+    description: Execution timeout (in seconds) setting passed to the underlying scan engine. Defaulted to 60 minutes.
+    required: false
   token:
     description: >
       GitHub token for GitHub API requests. Defaults to GITHUB_TOKEN.

diff --git a/src/config.js b/src/config.js
@@ -20,7 +20,7 @@ const codeQuality = core.getBooleanInput("codeQuality");
 const label = core.getInput("label") || process.env.GITHUB_REF;
 
 // Pinning the local scanner version
-const localScannerVersion = "1.0.7";
+const localScannerVersion = "1.0.8";
 
 const memory = core.getInput("memory");
 const path = core.getInput("path") || process.env.GITHUB_WORKSPACE;
@@ -29,6 +29,7 @@ const projectName =
 const resourceGroup = core.getInput("resourceGroup");
 const severity = core.getInput("severity")?.toLowerCase() || undefined;
 const strategy = core.getInput("strategy") || "project";
+const timeout = core.getInput("timeout");
 const title = "Contrast Local Scan";
 const token = core.getInput("token");
 
@@ -50,6 +51,7 @@ module.exports = {
   resourceGroup,
   severity,
   strategy,
+  timeout,
   title,
   token,
 };
diff --git a/src/scan.js b/src/scan.js
@@ -17,6 +17,7 @@ const {
   resourceGroup,
   severity,
   strategy,
+  timeout,
   title,
 } = require("./config");
 
@@ -51,6 +52,10 @@ function scanOpts(jar) {
     options.push("--memory", memory);
   }
 
+  if (timeout) {
+    options.push("--timeout", timeout);
+  }
+
   if (resourceGroup) {
     options.push("-r", resourceGroup);
   }