Support convert command

[ngraef]

Feature Request

Support the convert command available in trivy CLI.

Use Case

I have a workflow that does a repo scan and outputs JSON to a file for analysis. I also want to get the results in table format to post as a PR comment. Using the trivy CLI, this can be done with the convert command. convert does not appear to be officially supported by aquasecurity/trivy-action; however, I can make it work with the current version using the following options:

# `convert` is not officially supported by the action, but we can make it work
# by using `image-ref` for input file and clearing the default `vuln-type` arg
- uses: aquasecurity/[email protected]
  with:
    scan-type: convert
    vuln-type: ""
    image-ref: results.json
    format: table
    output: table.txt

It would be nice to have argument names that make sense for convert.

[ngraef]

With the recent rewrite of the action, convert works as expected with the scan-* inputs. However, there is now an issue if a previous step in the run uses format: json. This works for me:

- uses: aquasecurity/[email protected]
  env:
    # The 'format' input below does not set the env var because 'table' is the default, but
    # the env is still set to 'json' from the previous action step, so we need to override it.
    TRIVY_FORMAT: table
  with:
    scan-type: convert
    scan-ref: results.json
    format: table
    output: table.txt

[idkman23]

env:
# The 'format' input below does not set the env var because 'table' is the default, but
# the env is still set to 'json' from the previous action step, so we need to override it.

Isn't this another bug that you've discovered? The format input should be changed to table and we shouldn't need to specify it again in TRIVY_FORMAT.

[ngraef]

Isn't this another bug that you've discovered? The format input should be changed to table and we shouldn't need to specify it again in TRIVY_FORMAT.

Yup. Looks like it's already been reported as #438.