aquasecurity / trivy-action

Runs Trivy as GitHub action to scan your Docker container image for vulnerabilities
Apache License 2.0
771 stars 221 forks

Trivy image scan fails at analysis stage #114

Open ssuganth opened 2 years ago

ssuganth commented 2 years ago

Trivy image scan fails at the analysis stage with the following error. Everything was working fine when we tested last week and suddenly it started to fail. Any changes made?

Error: Code Scanning could not process the submitted SARIF file: SARIF URI scheme "jag-role-registry" did not match the checkout URI scheme "file",SARIF URI scheme "jag-role-registry" did not match the checkout URI scheme "file", Error: Code Scanning could not process the submitted SARIF file: SARIF URI scheme "jag-role-registry" did not match the checkout URI scheme "file",SARIF URI scheme "jag-role-registry" did not match the checkout URI scheme "file", at Object.waitForProcessing (/home/runner/work/_actions/github/codeql-action/v1/lib/upload-lib.js:334:19) at async run (/home/runner/work/_actions/github/codeql-action/v1/lib/upload-sarif-action.js:59:13) at async runWrapper (/home/runner/work/_actions/github/codeql-action/v1/lib/upload-sarif-action.js:74:9)

GitHub workflow code:

simar7 commented 2 years ago

hi @ssuganth - that's unusual, but it looks like a bug with the GitHub SARIF uploader action. Trivy GitHub Action uses this to send results to the GitHub Security Tab in your repo.

If this is still happening could you try to use the following in your GitHub workflow config:

  # Upload results to the GitHub Security tab.
  - name: Upload Trivy scan results to GitHub Security tab
    uses: github/codeql-action/upload-sarif@v2
    if: always()
    with:
      sarif_file: trivy-results.sarif

This is using the v2 of the upload-sarif action.

Let us know how it goes.
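A pre-upload check for the mismatch reported in this thread, added here as an example that is not part of trivy-action or of either comment: it parses a SARIF file and flags artifact URIs whose scheme is not the checkout's "file" scheme, which is what Code Scanning rejected above. The sample SARIF is constructed; the registry port and image name in it are assumed, since the thread only reports the parsed scheme "jag-role-registry".

```python
"""Flag SARIF artifact URIs that Code Scanning would reject as not matching the
"file" checkout scheme. An image reference written as "<host>:<port>/<image>"
parses as a URI with scheme "<host>", which is the failure seen in this issue."""
import json
import re
from typing import Dict, List

CHECKOUT_SCHEME = "file"
# RFC 3986 scheme: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) followed by ":"
SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")


def uri_scheme(uri: str) -> str:
    """Return the lower-cased URI scheme, or "" for a checkout-relative path."""
    match = SCHEME_RE.match(uri)
    return match.group(1).lower() if match else ""


def find_scheme_mismatches(sarif: Dict) -> List[str]:
    """Return each distinct artifact URI whose scheme is set and is not CHECKOUT_SCHEME."""
    bad: List[str] = []
    for run in sarif.get("runs", []):
        # URIs appear both in the run-level artifacts table and in result locations.
        uris = [a.get("location", {}).get("uri", "") for a in run.get("artifacts", [])]
        for result in run.get("results", []):
            for loc in result.get("locations", []):
                phys = loc.get("physicalLocation", {})
                uris.append(phys.get("artifactLocation", {}).get("uri", ""))
        for uri in uris:
            scheme = uri_scheme(uri)
            if scheme and scheme != CHECKOUT_SCHEME and uri not in bad:
                bad.append(uri)
    return bad


# Constructed sample (assumed port/image; placeholder rule id): one image-style
# location that trips the check and one checkout-relative path that does not.
SAMPLE_SARIF = json.loads("""{
  "version": "2.1.0",
  "runs": [{
    "tool": {"driver": {"name": "Trivy"}},
    "artifacts": [{"location": {"uri": "jag-role-registry:5000/app"}}],
    "results": [
      {"ruleId": "RULE-PLACEHOLDER", "locations": [{"physicalLocation":
        {"artifactLocation": {"uri": "jag-role-registry:5000/app"}}}]},
      {"ruleId": "RULE-PLACEHOLDER", "locations": [{"physicalLocation":
        {"artifactLocation": {"uri": "Dockerfile"}}}]}
    ]
  }]
}""")

if __name__ == "__main__":
    for uri in find_scheme_mismatches(SAMPLE_SARIF):
        print(f'SARIF URI scheme "{uri_scheme(uri)}" != checkout scheme "{CHECKOUT_SCHEME}": {uri}')
```

Run it against the real trivy-results.sarif (json.load on the file) as a workflow step before upload-sarif, so a scheme mismatch fails early with the offending URI instead of inside the uploader.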