fix(readme): updated ReadME
maira-samtek committed Sep 18, 2024
1 parent 49c8013 commit 110c06a
Showing 2 changed files with 2 additions and 6 deletions.
3 changes: 1 addition & 2 deletions README.md
Expand Up @@ -14,7 +14,6 @@ jira-labels: Labels to be applied to the created Jira tickets (c
jira-custom-field-key-value: A JSON string containing key-value pairs of custom fields and their values in Jira.
assign-jira-ticket-to: The accountID of a user to assigne a ticket to.
scan-output-path: The path to the scan output file.
snyk-test-type: The type of Snyk scan being run. Accepts 'open-source', 'iac', or 'container'. Defaults to 'open-source'.
min-severity: The minimum severity level a vulnerability must have for a Jira ticket to be created. Accepts 'low', 'medium', 'high', 'critical'.
```
# Usage
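Review bot: dropping the `snyk-test-type` row leaves the input table silent on how the test type is now determined and on what happens if a workflow still passes the old input; add a short line (for example "The Snyk test type is detected from the scan output; `snyk-test-type` is no longer used") so existing users know whether it is ignored or rejected. While touching this block, the adjacent context line `assign-jira-ticket-to: The accountID of a user to assigne a ticket to.` still has the typo "assigne".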
Expand Down Expand Up @@ -57,4 +56,4 @@ jobs:

Ensure that you have the required secrets (JIRA_HOST, JIRA_USERNAME, and JIRA_TOKEN) configured in your repository's settings so that they can be accessed by the Action script.

The workflow configuration assumes that you are running the security scan command and saving the output to a file named scan-output.json. Adjust the command and file name according to your specific scan tool and configuration. For more information on how to implement a Snyk scan and use it in conjuction with this action, please view [`SNYK.md`](./SNYK.md).
The workflow configuration assumes that the security scan command is executed, and the output is saved to a file named scan-output.json. The scan test type is automatically detected based on the structure of the scan output for snyk. Currently, supported snyk test types include IaC, open-source, and container scans. You can adjust the command and file name according to your specific scan tool and configuration. For detailed guidance on implementing a Snyk scan and integrating it with this action, please refer to [`SNYK.md`](./SNYK.md).
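Review bot: the new paragraph says the type is "automatically detected based on the structure of the scan output for snyk" but, unlike the removed input (which defaulted to `'open-source'`), it does not say what the action does when the output matches none of the three supported structures; state whether the run fails or silently creates no tickets, since a silent no-op would hide missed findings. Minor: "snyk" is lowercase twice here while the same sentence uses "Snyk"; pick one. The "conjuction" typo fix in the replaced line is good.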
5 changes: 1 addition & 4 deletions SNYK.md
Expand Up @@ -110,12 +110,11 @@ First the `snyk` CLI will need to be installed with `npm`. It is then used to ru
# assign-jira-ticket-to: ''
scan-output-path: 'snyk_output.txt'
scan-type: 'snyk'
snyk-test-type: 'iac'
min-severity: 'critical'
major-version-only: 'true'
```

Note that the `snyk-test-type` input has been added. Because the output format of each `snyk` command is different, we must specifiy what kind of Snyk scan is being run to successfully parse the output file and create Jira tickets (if no input is provided for `snyk-test-type`, it defaults to `'open-source'`).
Note that the scan type is automatically detected based on the output structure of the snyk command and the supported scan test types are "iac", "open-source" and "container".

**Also note:** `snyk iac test` will most likely detect a lot of low and medium severity level vulnerabilities. To keep the Jira ticket creation at a manageable amount, it is advisiable to not set `min-severity` any lower than `'critical'` or `'high'`.

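Review bot: the removed paragraph documented the `'open-source'` fallback; the replacement only lists the three detected types, so the failure mode on an unrecognised output file is now undocumented in both READMEs. Suggest one sentence after "supported scan test types are ...", e.g. "If the output structure is not recognised, the action fails rather than skipping ticket creation", matching whatever the parser actually does. The kept note about `min-severity` for `snyk iac test` still applies and is worth leaving in place.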
Expand Down Expand Up @@ -162,7 +161,6 @@ The following example demonstrates how to use `snyk container test` in conjuncti
is_jira_enterprise: true
scan-output-path: 'snyk_output.txt'
scan-type: 'snyk'
snyk-test-type: 'container'
min-severity: 'critical'
major-version-only: 'true'
```
Expand Down Expand Up @@ -230,7 +228,6 @@ This example demonstrates how to scan an image that is stored in an ECR reposito
jira-title-prefix: '[CMCSMACD] - Snyk :'
is_jira_enterprise: true
scan-output-path: 'snyk_output.txt'
snyk-test-type: 'container'
```

## Exit Codes
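Review bot: the other examples in this file keep `scan-type: 'snyk'` next to `scan-output-path`, but the visible lines of the ECR example end at `scan-output-path: 'snyk_output.txt'` once `snyk-test-type` is removed; if `scan-type` is not set above the visible context in this block, add it so the example is complete.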
