it seems sarif upload needs git information
Signed-off-by: James Strong <strong.james.e@gmail.com>
This commit is contained in:
James Strong
parent
932320cf44
commit
ebb8308654
1 changed files with 7 additions and 3 deletions
10
.github/workflows/vulnerability-scans.yaml
vendored
10
.github/workflows/vulnerability-scans.yaml
vendored
|
|
@ -72,6 +72,9 @@ jobs:
|
|||
vuln-type: 'os,library'
|
||||
severity: 'CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN'
|
||||
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
|
||||
|
||||
# This step checks out a copy of your repository.
|
||||
- name: Upload SARIF file
|
||||
uses: github/codeql-action/upload-sarif@0c670bbf0414f39666df6ce8e718ec5662c21e03
|
||||
|
|
@ -79,10 +82,11 @@ jobs:
|
|||
# Path to SARIF file relative to the root of the repository
|
||||
sarif_file: trivy-results-${{ matrix.versions }}.sarif
|
||||
|
||||
- name: Image Vulnerability scan output
|
||||
env:
|
||||
TRIVY_COUNT: ${{ steps.trivy-scan.outputs.TRIVY_COUNT }}
|
||||
- name: Vulz Count
|
||||
shell: bash
|
||||
run: |
|
||||
TRIVY_COUNT=$(cat trivy-results-${{ matrix.versions }}.sarif | jq '.runs[0].results | length')
|
||||
echo "TRIVY_COUNT: $TRIVY_COUNT"
|
||||
echo "Image Vulnerability scan output" >> $GITHUB_STEP_SUMMARY
|
||||
echo "Image ID: registry.k8s.io/ingress-nginx/controller@${{ matrix.versions }}" >> $GITHUB_STEP_SUMMARY
|
||||
echo "" >> $GITHUB_STEP_SUMMARY
|
||||
|
|
|
|||
Loading…
Reference in a new issue