When outputting a trivy-results.sarif file, it has root:root permissions, which is likely because the Docker container that executes Trivy is running as root.
Building SARIF report with options: --exit-code 0 --ignore-unfixed --vuln-type os,library ***.dkr.ecr.us-east-1.amazonaws.com/merida:87e4cb552e20775a5f556b83de1bfdfad0e67641
Run ls -lah
total 296K
...snip...
-rw-r--r-- 1 root root 150K Nov 15 19:18 trivy-results.sarif
Error: codeql/upload-sarif action failed: Resource not accessible by integration
If the Docker container cannot be run as non-root, would it be possible to add a step to change the permissions to the output file as part of the action? Thank you.
When outputting a
trivy-results.sarif
file, it has root:root permissions, which is likely because the Docker container that executes Trivy is running as root.Steps:
Output snippets:
If the Docker container cannot be run as non-root, would it be possible to add a step to change the permissions to the output file as part of the action? Thank you.