feat: added upload trivy results to github

filipeforattini · May 3, 2022 · 396a4b0 · 396a4b0
1 parent 9d02436
commit 396a4b0
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/.github/workflows/service-push.yml b/.github/workflows/service-push.yml
@@ -340,7 +340,7 @@ jobs:
           labels: "organization: ${{github.repository_owner}}, repository: ${{github.repository}}, branch: ${{needs.Setup.outputs.Branch}}, commit: ${{needs.Setup.outputs.ShaHash}}, date: ${{needs.Setup.outputs.Date}}, timestamp: ${{needs.Setup.outputs.Timestamp}}"
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@stable
         with:
           image-ref: '${{ steps.node_setup.outputs.docker_main_image }}'
           format: 'table'
@@ -349,6 +349,10 @@ jobs:
           vuln-type: 'os,library'
           severity: 'CRITICAL,HIGH'
 
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          sarif_file: 'trivy-results.sarif'
 
   #--------------------------------------------------#
   #                      Deploy                      #