From ebb83086540f35c453dd53ee8ac95a00a883df91 Mon Sep 17 00:00:00 2001
From: James Strong
Date: Mon, 8 Aug 2022 16:17:24 -0700
Subject: [PATCH] it seems sarif upload needs git information
Signed-off-by: James Strong
---
 .github/workflows/vulnerability-scans.yaml | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml
index ee4a5b145..8e588a6d6 100644
--- a/.github/workflows/vulnerability-scans.yaml
+++ b/.github/workflows/vulnerability-scans.yaml
@@ -72,6 +72,9 @@ jobs:
 vuln-type: 'os,library'
 severity: 'CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN'

+ - name: Checkout code
+ uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+
 # This step checks out a copy of your repository.
 - name: Upload SARIF file
 uses: github/codeql-action/upload-sarif@0c670bbf0414f39666df6ce8e718ec5662c21e03
@@ -79,10 +82,11 @@ jobs:
 # Path to SARIF file relative to the root of the repository
 sarif_file: trivy-results-${{ matrix.versions }}.sarif

- - name: Image Vulnerability scan output
- env:
- TRIVY_COUNT: ${{ steps.trivy-scan.outputs.TRIVY_COUNT }}
+ - name: Vulz Count
+ shell: bash
 run: |
+ TRIVY_COUNT=$(cat trivy-results-${{ matrix.versions }}.sarif | jq '.runs[0].results | length')
+ echo "TRIVY_COUNT: $TRIVY_COUNT"
 echo "Image Vulnerability scan output" >> $GITHUB_STEP_SUMMARY
 echo "Image ID: registry.k8s.io/ingress-nginx/controller@${{ matrix.versions }}" >> $GITHUB_STEP_SUMMARY
 echo "" >> $GITHUB_STEP_SUMMARY
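Review bot: The new `Checkout code` step is placed after the scan, and its context lines suggest the scan has already written `trivy-results-${{ matrix.versions }}.sarif` into the workspace. As far as I know, actions/checkout empties a workspace that is not already a clone of the repository, so the report would likely be gone before `Upload SARIF file` and the later `jq` step read it. Moving the checkout to the top of the job's `steps:` avoids that; the scan step itself is outside this hunk, so confirm where it writes its output. Since the upload only needs commit and ref metadata, I would also add `with:` / `persist-credentials: false` so the job token is not left in `.git/config` for the remaining steps. A trailing `# vX.Y.Z` comment after the pinned SHA would make the pin auditable.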
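Review bot: The added `TRIVY_COUNT=$(cat trivy-results-${{ matrix.versions }}.sarif | jq ...)` line expands `${{ matrix.versions }}` straight into the bash script text, so the value is parsed as shell source rather than treated as data. The removed version passed its value through `env:`, which is the safer pattern. Where the matrix values come from is not visible in this hunk, so how exposed this is depends on that. I would keep an `env:` block with `SARIF_FILE: trivy-results-${{ matrix.versions }}.sarif` and read it as `TRIVY_COUNT=$(jq '.runs[0].results | length' "$SARIF_FILE")`, which also drops the extra `cat`. The unchanged `Image ID` echo line interpolates the same expression and could move to an env variable at the same time. The `run:` block continues past the end of the hunk.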