chore: add upload and output of sarif report

ory · Nov 15, 2023 · 4837644 · 4837644
1 parent 33a62bb
commit 4837644
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/.github/workflows/cve-scan.yaml b/.github/workflows/cve-scan.yaml
@@ -26,8 +26,15 @@ jobs:
           DOCKER_BUILDKIT=1 docker build -f .docker/Dockerfile-alpine -t oryd/ory:test-vulns .
           rm ory
       - name: Scan image
+        id: scan
         uses: anchore/scan-action@v3
         with:
           image: oryd/ory:test-vulns
           fail-build: true
           severity-cutoff: high
+      - name: Inspect action SARIF report
+        run: cat ${{ steps.scan.outputs.sarif }}      
+      - name: Upload Anchore scan SARIF report
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: ${{ steps.scan.outputs.sarif }}