.github/workflows/test-fetch-inspector-results.yml

name: Scan EC2 Instances with Amazon Inspector
on: [push]
jobs:
 daily_job:
   runs-on: ubuntu-latest

   # change this to match your GitHub Secrets environment
   environment:
     name: ${{ secrets.GH_TOKEN || secrets.GITHUB_TOKEN }}

   steps:
     - name: Configure AWS credentials
       uses: aws-actions/configure-aws-credentials@v4
       with:
         aws-region: "us-east-1"
         role-to-assume: "arn:aws:iam::<AWS_ACCOUNT_ID>:role/<IAM_ROLE_NAME>"

     - name: Checkout this repository
       uses: actions/checkout@v4

     - name: Inspector Scan
       id: inspector
       uses: austinsonger/EC2-Vulnerability-Scan-GitHub-Action-for-Amazon-Inspector@v0.0.1
       with:
         aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
         aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
         aws-region: ${{ secrets.AWS_REGION }}
         assessment-run-arn: 'arn:aws:inspector:us-west-2:123456789012:assessment-run/assessment-run-id'
         agentless: true # Set to true to use agentless scans

         # Jira integration parameters (optional)
         jira-url: ${{ secrets.JIRA_URL }}
         jira-username: ${{ secrets.JIRA_USERNAME }}
         jira-api-token: ${{ secrets.JIRA_API_TOKEN }}
         jira-project-key: ${{ secrets.JIRA_PROJECT_KEY }}

         display_vulnerability_findings: "enabled"

         critical_threshold: 1
         high_threshold: 1
         medium_threshold: 1
         low_threshold: 1
         other_threshold: 1

     - name: Display Inspector vulnerability scan results (JSON)
       run: cat ${{ steps.inspector.outputs.inspector_scan_results }}

     - name: Display Inspector vulnerability scan results (CSV)
       run: cat ${{ steps.inspector.outputs.inspector_scan_results_csv }}

     - name: Display Inspector vulnerability scan results (Markdown)
       run: cat ${{ steps.inspector.outputs.inspector_scan_results_markdown }}

     - name: Upload Scan Results
       uses: actions/upload-artifact@v4
       with:
         name: Inspector Vulnerability Scan Artifacts
         path: |
           ${{ steps.inspector.outputs.inspector_scan_results }}
           ${{ steps.inspector.outputs.inspector_scan_results_csv }}
           ${{ steps.inspector.outputs.inspector_scan_results_markdown }}

     - name: On vulnerability threshold exceeded
       run: echo ${{ steps.inspector.outputs.vulnerability_threshold_exceeded }}