
Fix grype docker scan action json output
saisatishkarra committed Jun 20, 2023
1 parent 51787ce commit fb3abcf
Showing 2 changed files with 17 additions and 17 deletions.
26 changes: 13 additions & 13 deletions code-check-actions/rustcheck/action.yml
Expand Up @@ -135,7 +135,7 @@ runs:

# Don't fail during report generation
- name: Vulnerability analysis of SBOM
uses: anchore/scan-action@v3.3.4
uses: anchore/scan-action@v3.3.5
id: grype_analysis_sarif
if: ${{ steps.sbom_report.outputs.files_exists == 'true' }}
with:
Expand All @@ -147,7 +147,7 @@ runs:
# Don't fail during report generation
# JSON format will report any ignored rules
- name: Vulnerability analysis of SBOM
uses: anchore/scan-action@v3.3.4
uses: anchore/scan-action@v3.3.5
id: grype_analysis_json
if: ${{ steps.sbom_report.outputs.files_exists == 'true' }}
with:
Expand All @@ -160,7 +160,7 @@ runs:
uses: andstor/file-existence-action@v2
id: grype_report
with:
files: "${{ steps.grype_analysis_sarif.outputs.sarif }}, ${{ steps.grype_analysis_json.outputs.report }}"
files: "${{ steps.grype_analysis_sarif.outputs.sarif }}, ${{ steps.grype_analysis_json.outputs.json }}"
fail: true

# Grype CVE Action generates an ./results.sarif or ./results.report and no way to customize output file name
Expand All @@ -169,7 +169,16 @@ runs:
shell: bash
run: |
mv ${{ steps.grype_analysis_sarif.outputs.sarif }} ${{ steps.meta.outputs.grype_sarif_file }}
mv ${{ steps.grype_analysis_json.outputs.report }} ${{ steps.meta.outputs.grype_json_file }}
mv ${{ steps.grype_analysis_json.outputs.json }} ${{ steps.meta.outputs.grype_json_file }}
- name: Upload SARIF CVE analysis file to CodeQL
if: ${{ github.event.repository.visibility == 'public' }}
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: ${{ steps.meta.outputs.grype_sarif_file }}
# Optional category for the results
# Used to differentiate multiple results for one commit
category: sca_rust

- name: Upload grype analysis report
uses: actions/upload-artifact@v3
Expand All @@ -187,15 +196,6 @@ runs:
path: |
${{ steps.meta.outputs.grype_json_file }}
if-no-files-found: warn

- name: Upload SARIF CVE analysis file to CodeQL
if: ${{ github.event.repository.visibility == 'public' }}
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: ${{ steps.meta.outputs.grype_sarif_file }}
# Optional category for the results
# Used to differentiate multiple results for one commit
category: sca_rust

# Fail based on severity and input parameters
# Notify grype quick scan results in table format
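Review bot: The bumped `uses: anchore/scan-action@v3.3.5` lines in both hunks of this file (and the neighbouring `andstor/file-existence-action@v2`, `github/codeql-action/upload-sarif@v2` and `actions/upload-artifact@v3` lines) reference third-party actions by mutable tag, so what actually runs is whatever the action's maintainers place behind that tag after this review, not the code reviewed here; the same applies to the two `anchore/scan-action@v3.3.5` lines in security-actions/scan-docker-image/action.yml. Pinning to the full commit SHA with the tag kept in a trailing comment keeps the bump reviewable and still lets dependency tooling track the version: `uses: anchore/scan-action@<full-commit-sha-of-v3.3.5>  # v3.3.5`. Since this very commit exists because the action's output key changed between tags (`outputs.report` became `outputs.json`), a one-line comment above the `files:` check such as `# output key names depend on the pinned scan-action version` would tell the next maintainer why the two must move together.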
8 changes: 4 additions & 4 deletions security-actions/scan-docker-image/action.yml
Expand Up @@ -111,7 +111,7 @@ runs:

# Don't fail during report generation
- name: Vulnerability analysis of SBOM
uses: anchore/scan-action@v3.3.4
uses: anchore/scan-action@v3.3.5
id: grype_analysis_sarif
if: ${{ steps.sbom_report.outputs.files_exists == 'true' }}
with:
Expand All @@ -123,7 +123,7 @@ runs:
# Don't fail during report generation
# JSON format will report any ignored rules
- name: Vulnerability analysis of SBOM
uses: anchore/scan-action@v3.3.4
uses: anchore/scan-action@v3.3.5
id: grype_analysis_json
if: ${{ steps.sbom_report.outputs.files_exists == 'true' }}
with:
Expand All @@ -136,7 +136,7 @@ runs:
uses: andstor/file-existence-action@v2
id: grype_report
with:
files: "${{ steps.grype_analysis_sarif.outputs.sarif }}, ${{ steps.grype_analysis_json.outputs.report }}"
files: "${{ steps.grype_analysis_sarif.outputs.sarif }}, ${{ steps.grype_analysis_json.outputs.json }}"
fail: true

# Grype CVE Action generates an ./results.sarif or ./results.report and no way to customize output file name
Expand All @@ -145,7 +145,7 @@ runs:
shell: bash
run: |
mv ${{ steps.grype_analysis_sarif.outputs.sarif }} ${{ steps.meta.outputs.grype_sarif_file }}
mv ${{ steps.grype_analysis_json.outputs.report }} ${{ steps.meta.outputs.grype_json_file }}
mv ${{ steps.grype_analysis_json.outputs.json }} ${{ steps.meta.outputs.grype_json_file }}
- name: Upload grype analysis report
uses: actions/upload-artifact@v3
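Review bot: The `run: |` block in the last hunk substitutes `${{ steps.grype_analysis_json.outputs.json }}` and `${{ steps.meta.outputs.grype_json_file }}` directly into the bash script, and the new line keeps that pattern; expression values spliced into `run:` are expanded before the shell sees them, so any value a step output can carry is interpreted as shell syntax, and the unquoted words also split on spaces. Where `steps.meta` derives its file names from action inputs is outside this hunk, so I cannot tell here whether those values can be influenced from a caller; passing them through `env:` and quoting the variables removes the question either way and is the hardening GitHub's own guidance recommends for `run:` steps. The same rewrite applies to the identical step in code-check-actions/rustcheck/action.yml. The step's `- name:`/`id:` lines start above the hunk, so the `env:` block below is placed at the same indentation as the existing `shell: bash`.
```yaml
      shell: bash
      env:
        GRYPE_SARIF_SRC: ${{ steps.grype_analysis_sarif.outputs.sarif }}
        GRYPE_SARIF_DST: ${{ steps.meta.outputs.grype_sarif_file }}
        GRYPE_JSON_SRC: ${{ steps.grype_analysis_json.outputs.json }}
        GRYPE_JSON_DST: ${{ steps.meta.outputs.grype_json_file }}
      run: |
        mv "$GRYPE_SARIF_SRC" "$GRYPE_SARIF_DST"
        mv "$GRYPE_JSON_SRC" "$GRYPE_JSON_DST"
      # … unchanged: Upload grype analysis report step …
```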

0 comments on commit fb3abcf
