From 58fc715ccf6e1d5f98db039df3e39db686dc4715 Mon Sep 17 00:00:00 2001
From: Sebastian Graef
Date: Wed, 11 Sep 2024 17:42:43 +1000
Subject: [PATCH] refactor: Update Trivy vulnerability scanner workflow to use JSON format for reports and include separate reports for file system and configuration scans

---
 .github/workflows/trivy.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index 4bbd3cf..d54ef1d 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -26,9 +26,9 @@ jobs:
 scan-type: 'fs'
 ignore-unfixed: true
 scan-ref: .
- format: 'table'
+ format: 'json'
+ scanners: 'vuln,secret,config'
 output: report-fs.sarif
- severity: 'HIGH,CRITICAL'

 - name: Run Trivy vulnerability scanner (config)
 uses: aquasecurity/trivy-action@0.24.0
@@ -36,9 +36,9 @@ jobs:
 scan-type: 'config'
 ignore-unfixed: true
 scan-ref: .
- format: 'table'
+ format: 'json'
+ scanners: 'vuln,secret,config'
 output: report-config.sarif
- severity: 'HIGH,CRITICAL'

 # - name: Upload Trivy report (fs) GitHub Security
 # uses: github/codeql-action/upload-sarif@v3
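Review bot: The fs step now sets `format: 'json'` but still writes to `output: report-fs.sarif`, so the file name claims SARIF while the content is Trivy's native JSON; the config step in the second hunk has the same mismatch with `report-config.sarif`. Anything that picks these files up by extension, including the commented-out `github/codeql-action/upload-sarif@v3` step if it is re-enabled, would be handed a document that is not SARIF. Rename the outputs to `output: report-fs.json` and `output: report-config.json`, or use `format: 'sarif'` if a code-scanning upload is the goal. The step definitions begin above the hunk, so whether the reports are uploaded or used to gate the build is not visible here.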
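Review bot: `scanners: 'vuln,secret,config'` is added to the step whose `scan-type` is `'config'`, where only misconfiguration checks run, so the `vuln` and `secret` entries appear to have no effect there and the input may be ignored or rejected; confirm against trivy-action 0.24.0 and consider dropping the line from this step. Removing `severity: 'HIGH,CRITICAL'` in both hunks also widens the reports to every severity level, which suits a full JSON report but deserves a comment such as `# no severity filter: report everything, triage downstream` so it is not read as an accidental loss of the filter. Recent Trivy releases name the misconfiguration scanner `misconfig`, so `config` in the fs step's list may be a deprecated alias; verify which name the bundled Trivy version expects.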