From 850caf46b0d094a9a7cb1fca4d03b54602da9ad7 Mon Sep 17 00:00:00 2001
From: Dan Alima <ddalimaspam@gmail.com>
Date: Sat, 30 Dec 2023 16:48:49 +0200
Subject: [PATCH] upload trivy-results.sarif to GitHub Security, and tag Docker
 image

---
 .github/workflows/maven-build.yml | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/maven-build.yml b/.github/workflows/maven-build.yml
index 2e3a3a4d9..699769735 100644
--- a/.github/workflows/maven-build.yml
+++ b/.github/workflows/maven-build.yml
@@ -32,14 +32,19 @@ jobs:
 
       - name: Package the project as a runnable Docker image
         run: ./mvnw spring-boot:build-image
-      - name: Set up JFrog CLI
-        uses: jfrog/setup-jfrog-cli@v3
       - name: Scan the project with your preferred SCA tool
         uses: aquasecurity/trivy-action@master
         with:
-          image-ref: 'docker.io/library/spring-petclinic:3.2.0-SNAPSHOT'
-          format: 'table'
-          exit-code: '1'
+          image-ref: 'docker.io/library/spring-petclinic:3.2.0-JFrog_Assignment'
+          format: 'sarif'
+          output: 'trivy-results.sarif'
           ignore-unfixed: true
           vuln-type: 'os,library'
           severity: 'CRITICAL,HIGH'
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: 'trivy-results.sarif'
+
+      - name: Tag Docker image
+        run: docker tag docker.io/library/spring-petclinic:3.2.0-JFrog_Assignment my_repo/spring-petclinic:3.2.0-JFrog_Assignment