From 4837644fa398feb5e1fc4c9c8ae76292cc237ad6 Mon Sep 17 00:00:00 2001
From: Andreas Bucksteeg
Date: Wed, 15 Nov 2023 11:53:55 +0100
Subject: [PATCH] chore: add upload and output of sarif report

---
 .github/workflows/cve-scan.yaml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/.github/workflows/cve-scan.yaml b/.github/workflows/cve-scan.yaml
index c6ec0a60..bb723f54 100644
--- a/.github/workflows/cve-scan.yaml
+++ b/.github/workflows/cve-scan.yaml
@@ -26,8 +26,15 @@ jobs:
           DOCKER_BUILDKIT=1 docker build -f .docker/Dockerfile-alpine -t oryd/ory:test-vulns .
           rm ory
       - name: Scan image
+        id: scan
         uses: anchore/scan-action@v3
         with:
           image: oryd/ory:test-vulns
           fail-build: true
           severity-cutoff: high
+      - name: Inspect action SARIF report
+        run: cat ${{ steps.scan.outputs.sarif }}
+      - name: Upload Anchore scan SARIF report
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: ${{ steps.scan.outputs.sarif }}
\ No newline at end of file
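Review bot: The two added steps never run on the runs that matter, because `fail-build: true` is kept on the scan step and a failed step stops the job before the inspect and upload steps execute, so findings at or above the cutoff are exactly the results that never reach code scanning. Add `if: always()` to the upload step (and to the inspect step if its log output is wanted on failure), or set `fail-build: false` and fail the job in a later step after the upload. The upload-sarif action also needs `security-events: write` on the job or workflow `permissions`; that declaration is outside the hunk, so confirm it is present. The enclosing job and its steps list start before the hunk.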