upload trivy-results.sarif to GitHub Security, and tag Docker image

2025-07-24 00:35:49 +00:00 · 2023-12-30 16:48:49 +02:00 · 2023-12-30 16:48:49 +02:00 · 850caf46b0
commit 850caf46b0
parent 823f7a88e4
1 changed files with 10 additions and 5 deletions
--- a/.github/workflows/maven-build.yml
+++ b/.github/workflows/maven-build.yml
@ -32,14 +32,19 @@ jobs:

      - name: Package the project as a runnable Docker image
        run: ./mvnw spring-boot:build-image
-      - name: Set up JFrog CLI
-        uses: jfrog/setup-jfrog-cli@v3
      - name: Scan the project with your preferred SCA tool
        uses: aquasecurity/trivy-action@master
        with:
-          image-ref: 'docker.io/library/spring-petclinic:3.2.0-SNAPSHOT'
-          format: 'table'
-          exit-code: '1'
+          image-ref: 'docker.io/library/spring-petclinic:3.2.0-JFrog_Assignment'
+          format: 'sarif'
+          output: 'trivy-results.sarif'
          ignore-unfixed: true
          vuln-type: 'os,library'
          severity: 'CRITICAL,HIGH'
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: 'trivy-results.sarif'
+
+      - name: Tag Docker image
+        run: docker tag docker.io/library/spring-petclinic:3.2.0-JFrog_Assignment my_repo/spring-petclinic:3.2.0-JFrog_Assignment