From 67af072709180868436b90b9e7c293651ea65aca Mon Sep 17 00:00:00 2001
From: zhzhuang-zju
Date: Wed, 18 Oct 2023 15:57:56 +0800
Subject: [PATCH] ci: upload trivy scan results to GitHub Security tab

Signed-off-by: zhzhuang-zju
---
 .github/workflows/ci-image-scanning.yaml | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ci-image-scanning.yaml b/.github/workflows/ci-image-scanning.yaml
index 0e92230f7b9d..9d68e1fc8dae 100644
--- a/.github/workflows/ci-image-scanning.yaml
+++ b/.github/workflows/ci-image-scanning.yaml
@@ -33,7 +33,11 @@ jobs:
 uses: aquasecurity/trivy-action@0.12.0
 with:
 image-ref: 'docker.io/karmada/${{ matrix.target }}:latest'
- format: 'table'
+ format: 'sarif'
 ignore-unfixed: true
 vuln-type: 'os,library'
- exit-code: '1'
+ output: 'trivy-results.sarif'
+ - name: Upload Trivy scan results to GitHub Security tab
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: 'trivy-results.sarif'
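Review bot: Removing `exit-code: '1'` from the Trivy step leaves the scan report-only: the action's default exit code is 0, so an image with fixable vulnerabilities no longer fails this job and findings surface only in the Security tab. If the gate is still wanted, keep `exit-code: '1'` on the scan step and add `if: always()` to the upload step so the SARIF file is still published when the scan fails. The upload step also needs `security-events: write` on the job's token; any `permissions` block lies outside this hunk, so that should be confirmed. Pinning `github/codeql-action/upload-sarif@v2` to a full commit SHA rather than a mutable tag would suit a step that runs with that permission.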