Open robert-scheck opened 2 years ago
@pulkitaggarwl - Seeking your thoughts on this feature request.
This issue is idle because it has been open for 14 days with no activity.
Thanks @robert-scheck for raising the ask. We don't have this as part of our backlog currently. Would you be willing to contribute to the action to add this functionality?
@pulkitaggarwl, I would have contributed this already if I had been able to implement it myself. As of writing I'm now using aquasecurity/trivy-action@master directly.
Hi there! I was also interested in this feature. Before seeing this issue, I set out to build this other Action to convert the output to SARIF. It should therefore be possible to support SARIF and upload the output to GitHub Code Scanning, by adding a new step in your Workflows, like so:

```yaml
- name: Scan Container Image
  id: scan
  uses: Azure/container-scan@v0.1
  with:
    image-name: my-container-image
- name: Convert Container Scan Report to SARIF
  id: scan-to-sarif
  uses: rm3l/container-scan-to-sarif-action@v1
  if: ${{ always() }}
  with:
    input-file: ${{ steps.scan.outputs.scan-report-path }}
- name: Upload SARIF reports to GitHub Security tab
  uses: github/codeql-action/upload-sarif@v1
  if: ${{ always() }}
  with:
    sarif_file: ${{ steps.scan-to-sarif.outputs.sarif-report-path }}
```
Let me know your thoughts about this.
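To make the conversion step above concrete, here is an added example (not code from this thread, from Azure/container-scan, or from the rm3l action) of the minimum a scan-report-to-SARIF converter has to produce for `github/codeql-action/upload-sarif` to accept it. The input shape (a top-level `vulnerabilities` list with `vulnerabilityId`, `packageName`, `severity` and `description` keys) is an assumption for the example, the CVE ids are placeholders, and the `security-severity` scores are representative values rather than real CVSS numbers. The function and constant names (`to_sarif`, `sarif_level`, `summarize`, `SAMPLE_REPORT`) are the example's own.

```python
import json

# Constructed sample scan report. Its shape (top-level "vulnerabilities" list
# with these keys) is an assumption for this example, not the actual
# Azure/container-scan report format; the CVE ids are placeholders.
SAMPLE_REPORT = {
    "imageName": "my-container-image",
    "vulnerabilities": [
        {"vulnerabilityId": "CVE-XXXX-0001", "packageName": "examplelib",
         "severity": "HIGH", "description": "placeholder high-severity finding"},
        {"vulnerabilityId": "CVE-XXXX-0002", "packageName": "otherlib",
         "severity": "LOW", "description": "placeholder low-severity finding"},
        # Same id twice: the converter must emit one rule but two results.
        {"vulnerabilityId": "CVE-XXXX-0001", "packageName": "examplelib-dev",
         "severity": "HIGH", "description": "placeholder high-severity finding"},
    ],
}

# SARIF result "level" values understood by GitHub code scanning.
LEVEL_BY_SEVERITY = {"CRITICAL": "error", "HIGH": "error",
                     "MEDIUM": "warning", "LOW": "note"}
# GitHub reads the rule property "security-severity" (a CVSS-style 0-10 score
# given as a string) to bucket alerts; these are representative values only.
SCORE_BY_SEVERITY = {"CRITICAL": "9.5", "HIGH": "8.0", "MEDIUM": "5.0", "LOW": "2.0"}


def sarif_level(severity):
    """Map a scanner severity to a SARIF result level, defaulting to 'note'."""
    return LEVEL_BY_SEVERITY.get(str(severity).upper(), "note")


def to_sarif(report, artifact_uri="Dockerfile"):
    """Build a SARIF 2.1.0 log from the (assumed) scan report structure.

    Rules are keyed by vulnerability id so each id appears once under
    tool.driver.rules even when several packages in the image carry it;
    every finding becomes its own result pointing at artifact_uri, because
    code scanning needs a physical location to attach an alert to.
    """
    rules = {}
    results = []
    for finding in report.get("vulnerabilities", []):
        rule_id = finding["vulnerabilityId"]
        severity = str(finding.get("severity", "UNKNOWN")).upper()
        if rule_id not in rules:
            rules[rule_id] = {
                "id": rule_id,
                "shortDescription": {"text": finding.get("description", rule_id)},
                # NVD URL pattern; with a placeholder id this link is illustrative.
                "helpUri": f"https://nvd.nist.gov/vuln/detail/{rule_id}",
                "properties": {"security-severity": SCORE_BY_SEVERITY.get(severity, "0.0")},
            }
        results.append({
            "ruleId": rule_id,
            "level": sarif_level(severity),
            "message": {"text": f"{rule_id} ({severity}) in package "
                                f"{finding.get('packageName', '?')} of image "
                                f"{report.get('imageName', '?')}"},
            "locations": [{"physicalLocation": {
                "artifactLocation": {"uri": artifact_uri}}}],
        })
    return {
        "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
        "version": "2.1.0",
        "runs": [{
            "tool": {"driver": {"name": "container-scan-report (example converter)",
                                "rules": list(rules.values())}},
            "results": results,
        }],
    }


def summarize(sarif):
    """Return (rule count, result count, results per level) for a quick check."""
    run = sarif["runs"][0]
    per_level = {}
    for result in run["results"]:
        per_level[result["level"]] = per_level.get(result["level"], 0) + 1
    return len(run["tool"]["driver"]["rules"]), len(run["results"]), per_level


if __name__ == "__main__":
    # Write the SARIF log to stdout; redirect it to the file you hand to upload-sarif.
    print(json.dumps(to_sarif(SAMPLE_REPORT), indent=2))
```

The two design points worth carrying into a real converter are the rule/result split (one rule per vulnerability id, one result per affected package, so the Security tab shows a single alert type with several instances instead of duplicate rules) and the fixed artifact location: image findings have no source line, so anchoring them to the Dockerfile is the usual compromise that keeps the upload valid while still pointing a reviewer at the file that produced the image.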
+1 to this request; would like to see SARIF output so I can upload the results to GitHub Advanced Security. I would imagine that it would be trivial to add this feature, as this action uses the trivy scanning engine, and there's another trivy scanning action that indeed has SARIF output: https://github.com/aquasecurity/trivy-action
Is there any chance for SARIF support (SARIF-compatible output file)? That would allow using `github/codeql-action/upload-sarif@v1` in workflows, e.g.:

See also: https://docs.github.com/en/code-security/secure-coding/integrating-with-code-scanning/uploading-a-sarif-file-to-github