aquasecurity / trivy-action

Runs Trivy as GitHub action to scan your Docker container image for vulnerabilities
Apache License 2.0

Set severity when output is sarif #336

Open austimkelly opened 5 months ago

austimkelly commented 5 months ago

Before this fix the --severity flag and values were not added to the sarif input. Hence, when a default value of 'CRITICAL,HIGH' was supplied, it would simply be ignored and report everything. The result is producing a bunch of noisy alerts, and ain't nobody got time for that!

Before the fix: sarif-no-severity-on-main

With this PR fix: austimkelly-severity-sarif-fix
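To show the failure mode this PR describes, here is an added illustration that is not trivy-action's own entrypoint code: two hypothetical builders of the trivy argument list, one that drops the severity filter on the sarif path and one that keeps it, plus a check that a defender can run over the resulting command line. Input names (format, severity, image) mirror the action's inputs; the exact argument strings are assumptions.

```shell
# Added example, not trivy-action's entrypoint. Models how an action can lose
# the --severity filter when the sarif branch builds its own argument list.

# Buggy builder: the sarif branch never appends --severity, so the default
# 'CRITICAL,HIGH' is silently ignored and every finding is reported.
build_args_before() {
  format="$1"; severity="${2:-CRITICAL,HIGH}"; image="$3"
  if [ "$format" = "sarif" ]; then
    # separate sarif path (hypothetical), assembled without the severity filter
    printf '%s' "image --format sarif $image"
  else
    printf '%s' "image --format $format --severity $severity $image"
  fi
}

# Fixed builder: the severity filter is appended regardless of output format.
build_args_after() {
  format="$1"; severity="${2:-CRITICAL,HIGH}"; image="$3"
  printf '%s' "image --format $format --severity $severity $image"
}

# Check: does a generated argument list carry a --severity filter at all?
# Returns 0 when present, 1 when missing (the noisy-alerts case).
has_severity() {
  case "$1" in
    *--severity*) return 0 ;;
    *) return 1 ;;
  esac
}

# Example run: the constructed image reference is a placeholder.
before=$(build_args_before sarif "" example/app:1.0)
after=$(build_args_after sarif "" example/app:1.0)
has_severity "$before" || echo "before: severity filter missing -> $before"
has_severity "$after" && echo "after:  severity filter present -> $after"
```

Running it prints the buggy command line without --severity and the fixed one with --severity CRITICAL,HIGH; the same has_severity check can be pointed at the command an action actually logs to confirm the filter survived the format switch.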