GitHub Action for adding Twistlock Scan Results to job summary

GitHub Action to convert Twistlock's JSON scan results to markdown to add to the job summary

Overview

I was working with a customer recently who was using Twistlock / Prisma Cloud Scan to scan their Docker containers. Some CLI tools, like Checkmarx’s cx scan create <params> --report-format markdown, can output the scan results in markdown natively. This is useful for adding the scan results to the job summary in GitHub Actions, or even posting them as a comment on a PR.

The Twistlock CLI, however, does not have this feature. We can save the scan results as a JSON file, but we have to convert it to markdown ourselves. Luckily, there’s an npm package, json2md, that does most of the heavy lifting! I created a custom type function using json2md to convert the specialized JSON that the twistcli scan <params> --output-file scan-results.json command creates into an easy-to-read markdown table.

The Action

To make it easier to use this in GitHub Actions, I wrapped this in an Action published to the marketplace. It takes the JSON scan result file as an input. The action then creates two markdown tables:

  1. A table with a high-level summary of the scan, a link to the results, and the number of vulnerabilities by severity
  2. A table with detailed information on each vulnerability found in the scan

The action has two outputs:

  1. summary-table: path to the file containing the summary table
  2. vulnerability-table: path to the file containing the vulnerability table

You can then use these outputs in a subsequent step to add the tables to the job summary or post as a comment on a PR.
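To show what the conversion described above involves (the json2md custom type and the two tables the action emits), here is an added example that is not the action’s own code: it builds both tables from a Twistlock-style JSON result in plain Node.js, without json2md. The JSON shape (results[].vulnerabilities[] with id, severity, packageName, packageVersion and status), the sample data and the placeholder CVE ids are constructed assumptions, not a verified twistcli schema.

```javascript
// Added example (not the action's own code): build the two markdown tables the
// post describes from a Twistlock-style JSON result, without json2md. The JSON
// shape (results[].vulnerabilities[] with id/severity/packageName/packageVersion/
// status) is an assumption modelled on twistcli output; adjust to your file.
const SEVERITIES = ["critical", "high", "medium", "low"];
const rank = (sev) => { const i = SEVERITIES.indexOf(String(sev ?? "").toLowerCase()); return i < 0 ? 99 : i; };

// Scanner output (package names, descriptions) is untrusted text headed for a
// job summary or PR comment: escape what would break a cell or add markup.
const cell = (v) => String(v ?? "").replace(/\\/g, "\\\\").replace(/\|/g, "\\|").replace(/[\r\n]+/g, " ").trim();

function markdownTable(headers, rows) {
  const line = (cells) => `| ${cells.map(cell).join(" | ")} |`;
  return [line(headers), `|${" --- |".repeat(headers.length)}`, ...rows.map(line)].join("\n");
}

// Count vulnerabilities per severity; unknown severities are ignored.
function countBySeverity(vulns) {
  const counts = Object.fromEntries(SEVERITIES.map((s) => [s, 0]));
  for (const v of vulns) { const s = SEVERITIES[rank(v.severity)]; if (s) counts[s] += 1; }
  return counts;
}

// Table 1: one row per scanned image with per-severity counts and a total.
function summaryTable(scan) {
  const rows = (scan.results ?? []).map((r) => {
    const c = countBySeverity(r.vulnerabilities ?? []);
    return [r.name, ...SEVERITIES.map((s) => c[s]), SEVERITIES.reduce((n, s) => n + c[s], 0)];
  });
  return markdownTable(["Image", ...SEVERITIES, "Total"], rows);
}

// Table 2: every finding, most severe first, so reviewers see the worst first.
function vulnerabilityTable(scan) {
  const rows = (scan.results ?? [])
    .flatMap((r) => (r.vulnerabilities ?? []).map((v) => ({ image: r.name, ...v })))
    .sort((a, b) => rank(a.severity) - rank(b.severity))
    .map((v) => [v.image, v.id, v.severity, v.packageName, v.packageVersion, v.status]);
  return markdownTable(["Image", "CVE", "Severity", "Package", "Version", "Status"], rows);
}

// Constructed sample (CVE ids are placeholders), including a pipe and a newline
// that would otherwise corrupt the table.
const SAMPLE_SCAN = { results: [{ name: "registry.example/app:1.2.3", vulnerabilities: [
  { id: "CVE-0000-0001", severity: "high", packageName: "libfoo", packageVersion: "1.0", status: "fixed in 1.1" },
  { id: "CVE-0000-0002", severity: "low", packageName: "bar|baz", packageVersion: "2.0", status: "open" },
  { id: "CVE-0000-0003", severity: "Critical", packageName: "qux", packageVersion: "3.0", status: "fixed in 3.1\nsee advisory" },
] }] };

console.log(summaryTable(SAMPLE_SCAN) + "\n\n" + vulnerabilityTable(SAMPLE_SCAN));
```

Writing each table to a file and appending it to $GITHUB_STEP_SUMMARY reproduces what the action’s two outputs give you.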

Usage

The sample below shows how to add the generated markdown tables to the job summary.

steps:
  - run: twistcli scan <params> --output-file scan-results.json
  - name: convert-twistlock-json-results-to-markdown
    id: convert-twistlock-results
    uses: joshjohanning/twistlock-results-json-to-markdown-action@v1
    with:
      # must match the --output-file name used in the scan step
      results-json-path: scan-results.json
  - name: write to job summary
    run: |
      cat ${{ steps.convert-twistlock-results.outputs.summary-table }} >> $GITHUB_STEP_SUMMARY
      cat ${{ steps.convert-twistlock-results.outputs.vulnerability-table }} >> $GITHUB_STEP_SUMMARY

This shows up in the job summary like this: [Image: Twistlock scan results in the Actions job summary]

Adding as a PR Comment

I really like using the marocchino/sticky-pull-request-comment action to post comments on PRs:

Create a comment on a pull request, if it exists update that comment.

To instead post the summary table as a comment in a pull request, you can use the following:

steps:
  - run: twistcli scan <params> --output-file scan-results.json
  - name: convert-twistlock-json-results-to-markdown
    id: convert-twistlock-results
    uses: joshjohanning/twistlock-results-json-to-markdown-action@v1
    with:
      # must match the --output-file name used in the scan step
      results-json-path: scan-results.json
  # the workflow's GITHUB_TOKEN needs pull-requests: write to post the comment
  - uses: marocchino/sticky-pull-request-comment@v2
    if: github.event_name == 'pull_request'
    with:
      path: ${{ steps.convert-twistlock-results.outputs.summary-table }}

You could alternatively use the gh CLI instead of a marketplace action to post the comment (though this won’t update an existing comment; it creates a new comment every time the job is triggered on a PR).

steps:
  - run: twistcli scan <params> --output-file scan-results.json
  - name: convert-twistlock-json-results-to-markdown
    id: convert-twistlock-results
    uses: joshjohanning/twistlock-results-json-to-markdown-action@v1
    with:
      # must match the --output-file name used in the scan step
      results-json-path: scan-results.json
  - name: create pr comment
    if: github.event_name == 'pull_request'
    env:
      # gh needs a token to authenticate; GITHUB_TOKEN needs pull-requests: write
      GH_TOKEN: ${{ github.token }}
    run: |
      gh pr comment ${{ github.event.number }} \
        -R ${{ github.repository }} \
        -F ${{ steps.convert-twistlock-results.outputs.summary-table }}

Summary

Drop a comment here or an issue or PR on my repo if you have any feedback or suggestions! Happy security scanning! 🛡️

This post is licensed under CC BY 4.0 by the author.