aquasecurity / trivy-action

Runs Trivy as GitHub action to scan your Docker container image for vulnerabilities
Apache License 2.0
825 stars 238 forks

How can I send Trivy scan results to another cloud-native / open-source security product? #62

Open dshuvar opened 3 years ago

dshuvar commented 3 years ago

For example, this part of a GitHub Actions workflow sends the scan results to the GitHub Security tab of your repo.

- name: Upload Trivy scan results to GitHub Security tab
  uses: github/codeql-action/upload-sarif@v1
  with:
    sarif_file: 'payment-service-trivy-results.sarif'

How can I send Trivy scan results to another (something other than github security) cloud-native / open-source security product/panel?

simar7 commented 3 years ago

Hi @dshuvar - the current implementation uses github/codeql-action/upload-sarif, which is a GitHub action that uploads SARIF results to the GitHub security panel, as you mentioned.

There might be other actions available out there for your use, or you could simply do a curl POST request to whichever endpoint you want to send the results to. The SARIF report is available inside the runner workspace when the GitHub Actions workflow runs.
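As an added example (not part of this issue thread and not code from trivy-action), here is the "POST the SARIF file from the runner workspace to your own endpoint" approach from the reply above, written as a small Python script instead of a bare curl call so that the file is checked before it leaves the runner and the token never ends up in the URL or the step log. The endpoint URL, the SARIF_ENDPOINT and SARIF_TOKEN environment variable names, the script name post_sarif.py and the embedded sample SARIF document are all assumptions made for this example; the sample is a constructed, minimal document shaped like Trivy's SARIF output and is used only for the offline demo.

```python
#!/usr/bin/env python3
"""Ship a Trivy SARIF file from the runner workspace to an HTTP endpoint.

Assumed workflow step (endpoint and secret name are placeholders):

  - name: Post Trivy SARIF to internal dashboard
    env:
      SARIF_ENDPOINT: https://sec-dashboard.example.internal/api/sarif
      SARIF_TOKEN: ${{ secrets.SARIF_TOKEN }}
    run: python3 post_sarif.py payment-service-trivy-results.sarif
"""
import json
import os
import sys
import urllib.request
from collections import Counter

# Constructed sample: a minimal SARIF 2.1.0 log shaped like Trivy's output
# (tool name, ruleId = CVE id, level). Only used for the offline demo.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
    "runs": [{
        "tool": {"driver": {"name": "Trivy"}},
        "results": [
            {"ruleId": "CVE-2021-3711", "level": "error",
             "message": {"text": "openssl: SM2 decryption buffer overflow"}},
            {"ruleId": "CVE-2022-0778", "level": "warning",
             "message": {"text": "openssl: infinite loop in BN_mod_sqrt"}},
        ],
    }],
}


def validate_sarif(doc):
    """Refuse to send anything that is not a SARIF 2.1.0 log with runs."""
    if not isinstance(doc, dict) or doc.get("version") != "2.1.0":
        raise ValueError("not a SARIF 2.1.0 document")
    runs = doc.get("runs")
    if not isinstance(runs, list) or not runs:
        raise ValueError("SARIF document has no runs")
    return doc


def summarize(doc):
    """Count results per SARIF level across all runs (for the step log)."""
    counts = Counter()
    for run in doc["runs"]:
        for result in run.get("results", []):
            counts[result.get("level", "none")] += 1
    counts["total"] = sum(counts.values())
    return dict(counts)


def build_request(endpoint, doc, token):
    """Body is the SARIF JSON; the bearer token travels in a header, not the URL."""
    body = json.dumps(doc).encode()
    req = urllib.request.Request(endpoint, data=body, method="POST")
    req.add_header("Content-Type", "application/sarif+json")
    req.add_header("Authorization", f"Bearer {token}")
    return req


def post_sarif(path, endpoint, token, timeout=30):
    """Validate, POST, and return the per-level summary; raises on failure."""
    with open(path, "rb") as fh:
        doc = validate_sarif(json.load(fh))
    req = build_request(endpoint, doc, token)
    # urlopen raises HTTPError on 4xx/5xx; the explicit check fails the step
    # on any other non-2xx answer the endpoint might return.
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        if not 200 <= resp.status < 300:
            raise RuntimeError(f"endpoint returned HTTP {resp.status}")
    return summarize(doc)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: post_sarif.py <report.sarif>")
    # Both values come from the step's env block; the token is a repo secret.
    print(post_sarif(sys.argv[1], os.environ["SARIF_ENDPOINT"], os.environ["SARIF_TOKEN"]))
```

Run it as a step after the trivy-action step that wrote the SARIF file, with the same working directory, so the relative path resolves inside the runner workspace. Pinning the content type and checking the response status means a misconfigured endpoint fails the job visibly instead of silently dropping the findings.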