aquasecurity / trivy-action

Runs Trivy as GitHub action to scan your Docker container image for vulnerabilities
Apache License 2.0

html template is not rendered appropriately in GHA summary #361

Open pantelis-karamolegkos opened 1 month ago

pantelis-karamolegkos commented 1 month ago

I am using the action as follows:

    - name: scan the image
      uses: aquasecurity/trivy-action@0.20.0
      with:
        image-ref: ${{ inputs.image }} 
        format: template
        template: "@.github/templates/html.tpl"
        output: trivy.html
        ignore-unfixed: true
        scan-type: image
        vuln-type: 'os,library'
        severity: 'HIGH'
        exit-code: ${{ inputs.exit_code }}

    - name: send results to job summary
      shell: bash
      if: always()
      run: cat trivy.html >> "$GITHUB_STEP_SUMMARY"

The @.github/templates/html.tpl is a copy paste from this one.

However, this is not rendered as expected in the workflow run summary, as the script appears at the top of the page

starting from this line up until this line

Am I off in using it or is it an issue with the template?
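
One way to keep script text out of the job summary, as an added example that is not part of the original post or of the trivy-action project: filter the rendered report before appending it to `$GITHUB_STEP_SUMMARY`. It assumes the stray text comes from `<script>` and `<style>` elements embedded in the HTML template, which the summary renderer shows as plain text instead of executing; the function name, file name and sample report are hypothetical.

```python
"""Drop <script>/<style> elements from an HTML report before it is appended
to $GITHUB_STEP_SUMMARY. Added example; all names here are hypothetical."""
import sys
from html.parser import HTMLParser

DROP = {"script", "style"}  # elements whose bodies would surface as raw text

# Constructed sample standing in for a rendered Trivy HTML report.
SAMPLE = (
    "<html><head><style>td{color:red}</style>"
    "<script>function f(){return 1<2;}</script></head>"
    "<body><h1>img &amp; tag</h1><table><tr>"
    '<td class="severity-HIGH">HIGH</td></tr></table><br/></body></html>'
)

class SummaryFilter(HTMLParser):
    def __init__(self):
        # Keep entities as written so the output stays valid HTML.
        super().__init__(convert_charrefs=False)
        self.out, self.skip_depth = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP:
            self.skip_depth += 1
        elif not self.skip_depth:
            self.out.append(self.get_starttag_text())

    def handle_startendtag(self, tag, attrs):
        if tag not in DROP and not self.skip_depth:
            self.out.append(self.get_starttag_text())

    def handle_endtag(self, tag):
        if tag in DROP:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif not self.skip_depth:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(data)

    def handle_entityref(self, name):
        if not self.skip_depth:
            self.out.append(f"&{name};")

    def handle_charref(self, name):
        if not self.skip_depth:
            self.out.append(f"&#{name};")

def strip_active_content(html_text: str) -> str:
    """Return html_text without script/style elements, comments or doctype."""
    parser = SummaryFilter()
    parser.feed(html_text)
    parser.close()
    return "".join(parser.out)

if __name__ == "__main__":
    with open(sys.argv[1], encoding="utf-8") as fh:
        sys.stdout.write(strip_active_content(fh.read()))
```

Saved under a hypothetical name such as `strip_summary.py`, the summary step would run `python3 strip_summary.py trivy.html >> "$GITHUB_STEP_SUMMARY"` in place of the plain `cat`.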