DevFW-CICD/ingress-nginx-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

sarif upload issues

Browse source 
Signed-off-by: James Strong <strong.james.e@gmail.com>
This commit is contained in:
James Strong 2022-08-08 17:04:59 -07:00
parent e55a84e8a0
commit 1d2fa93856
No known key found for this signature in database
GPG key ID: 11048BF1C893BC89
1 changed files with 8 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
.github/workflows/vulnerability-scans.yaml vendored
View file

@ -56,6 +56,9 @@ jobs:
matrix: matrix:
versions: ${{ fromJSON(needs.version.outputs.versions) }} versions: ${{ fromJSON(needs.version.outputs.versions) }}
steps: steps:
- name: Checkout code
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
- shell: bash - shell: bash
id: test id: test
run: echo "Scanning registry.k8s.io/ingress-nginx/controller@${{ matrix.versions }}" run: echo "Scanning registry.k8s.io/ingress-nginx/controller@${{ matrix.versions }}"
@ -66,29 +69,27 @@ jobs:
with: with:
image-ref: registry.k8s.io/ingress-nginx/controller:${{ matrix.versions }} image-ref: registry.k8s.io/ingress-nginx/controller:${{ matrix.versions }}
format: 'sarif' format: 'sarif'
output: trivy-results-${{ matrix.versions }}.sarif output: ${{ github.workspace }}/trivy-results-${{ matrix.versions }}.sarif
exit-code: 0 exit-code: 0
vuln-type: 'os,library' vuln-type: 'os,library'
severity: 'CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN' severity: 'CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN'
- name: Output Sarif File - name: Output Sarif File
shell: bash shell: bash
run: cat trivy-results-${{ matrix.versions }}.sarif run: cat ${{ github.workspace }}/trivy-results-${{ matrix.versions }}.sarif
- name: Checkout code
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
# This step checks out a copy of your repository. # This step checks out a copy of your repository.
- name: Upload SARIF file - name: Upload SARIF file
uses: github/codeql-action/upload-sarif@0c670bbf0414f39666df6ce8e718ec5662c21e03 uses: github/codeql-action/upload-sarif@0c670bbf0414f39666df6ce8e718ec5662c21e03
with: with:
token: ${{ github.token }}
# Path to SARIF file relative to the root of the repository # Path to SARIF file relative to the root of the repository
sarif_file: trivy-results-${{ matrix.versions }}.sarif sarif_file: ${{ github.workspace }}/trivy-results-${{ matrix.versions }}.sarif
- name: Vulz Count - name: Vulz Count
shell: bash shell: bash
run: | run: |
TRIVY_COUNT=$(cat trivy-results-${{ matrix.versions }}.sarif | jq '.runs[0].results | length') TRIVY_COUNT=$(cat ${{ github.workspace }}/trivy-results-${{ matrix.versions }}.sarif | jq '.runs[0].results | length')
echo "TRIVY_COUNT: $TRIVY_COUNT" echo "TRIVY_COUNT: $TRIVY_COUNT"
echo "Image Vulnerability scan output" >> $GITHUB_STEP_SUMMARY echo "Image Vulnerability scan output" >> $GITHUB_STEP_SUMMARY
echo "Image ID: registry.k8s.io/ingress-nginx/controller@${{ matrix.versions }}" >> $GITHUB_STEP_SUMMARY echo "Image ID: registry.k8s.io/ingress-nginx/controller@${{ matrix.versions }}" >> $GITHUB_STEP_SUMMARY