github-actions[bot]
commented
2 years ago This issue is idle because it has been open for 14 days with no activity.
Open olarende-tink opened 2 years ago
github-actions[bot]
commented
2 years ago This issue is idle because it has been open for 14 days with no activity.
Currently, the container-scan step sets the output variable
steps.container-scan.outputs.scan-report-pathwhich is useful for finding the report file for uploading purposes. However, I'd like to have an output showing whether the scan passed or failed (found/did not find vulnerabilities and best practice violations) so that I can use that as the input for a conditional expression in a later workflow step (e.g. post a message in a pull request comments thread if the scan failed).My suggestion is to set an output named
steps.container-scan.outputs.scan-resulttotrueorfalsedepending on the scan outcome. Ideally it would also take theseverity-thresholdinput into account as well.