From fcf346a85ffc5603c2e1a738908dec547f320742 Mon Sep 17 00:00:00 2001 From: vishal <96466743+vishalops87@users.noreply.github.com> Date: Wed, 21 Aug 2024 17:20:43 +0530 Subject: [PATCH] Update maven-build.yml --- .github/workflows/maven-build.yml | 69 ++++++++++++++++--------------- 1 file changed, 35 insertions(+), 34 deletions(-) diff --git a/.github/workflows/maven-build.yml b/.github/workflows/maven-build.yml index 4758ac534..4ffce50d0 100644 --- a/.github/workflows/maven-build.yml +++ b/.github/workflows/maven-build.yml @@ -1,41 +1,17 @@ -name: 'vulnability-scan' +name: 'vulnerability-scan' + on: - pull_request:* - push:* + pull_request: + branches: ['**'] + push: + branches: ['**'] jobs: test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - name: Run Trivy vulnerability scanner in repo mode - uses: aquasecurity/trivy-action@master - with: - scan-type: 'fs' - severity: 'HIGH,CRITICAL' - ignore-unfixed: true - format: 'json' - output: 'result.json' - - uses: CemitDigital/trivy-report-issue-action@v1.1 - with: - # Token passed by GitHub actions, required for access to GitHub issues - token: ${{ secrets.TOKEN }} - - # File with scan results - input-filename: "result.json" - - # Label name - # Default: vulnerability (this label must be created in advance) - label: 'vulnerability' - - # Assignees, comma separated - # Default: '' - # Example: 'monalisa,hubot' - assignee: '' - - # If set the new issues will be assigned to the specified project - # Default: '' - project-id: '' + - name: Checkout repository + uses: actions/checkout@v2 - name: Run Trivy vulnerability scanner in repo mode uses: aquasecurity/trivy-action@0.20.0 
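Review bot: The job defined at `jobs: test:` declares no `permissions:` block, yet the steps that follow it (the `upload-sarif` step and the issue-creating step in the second hunk) need `security-events: write` and `issues: write` respectively; depending on the repository's default token permissions those steps may fail, and an explicit job-level block also keeps the token at least privilege. Add the block under `test:` as shown below. The checkout step is still on an old major (`actions/checkout@v2`) while `v4` is current, and the actions in this workflow are referenced by mutable tags; pinning each to a full commit SHA with a trailing version comment is the safer supply-chain practice. The `pull_request` and `push` triggers both on `branches: ['**']` also mean every commit on a PR branch runs the scan twice, which is probably not intended.

```yaml
  test:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write
      issues: write
    # … unchanged: steps …
```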
@@ -43,11 +19,36 @@ jobs: scan-type: 'fs' ignore-unfixed: true format: 'sarif' - output: 'trivy-results.sarif' # exit-code: '1' + output: 'trivy-results.sarif' severity: 'CRITICAL,HIGH' - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v1 with: sarif_file: 'trivy-results.sarif' + + - name: create issue in github + uses: knqyf263/trivy-issue-action@v0.0.6 + with: + # Label name + # Default: vulnerability (this label must be created in advance) + label: 'vulnerability' + + # Severities of vulnerabilities to be registered to GitHub Issues + # Default: 'CRITICAL' + severity: 'CRITICAL,HIGH' + + # Comma separated list of directories where traversal is skipped + # Default: '' + # Example: 'tests, integration-tests' + skip-dirs: '' + + # Assignees + # Default: '' + # Example: 'monalisa,hubot' + assignee: '' + + # Project ID to which the created Issue will be tied. + # Default: '' + project-id: ''
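Review bot: The SARIF upload step is moved from `github/codeql-action/upload-sarif@v2` back to `@v1`, an older major that GitHub has deprecated, so this line is a regression rather than an update; keep `uses: github/codeql-action/upload-sarif@v2` (or move forward to a newer major). The new `knqyf263/trivy-issue-action@v0.0.6` step is a third-party action referenced by a mutable tag; pin it to a full commit SHA with a trailing `# v0.0.6` comment so the code that runs with the job's token cannot change underneath the tag. The Trivy step still sets no `exit-code`, so HIGH/CRITICAL findings are uploaded and turned into issues but never fail the job; if the scan is meant to gate merges, add `exit-code: '1'` next to `severity`. The enclosing `steps:` list starts in the previous hunk.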