5656 matrix :
5757 versions : ${{ fromJSON(needs.version.outputs.versions) }}
5858 steps :
59+ - name : Checkout code
60+ uses : actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
61+
5962 - shell : bash
6063 id : test
6164 run : echo "Scanning registry.k8s.io/ingress-nginx/controller@${{ matrix.versions }}"
@@ -66,29 +69,27 @@ jobs:
6669 with :
6770 image-ref : registry.k8s.io/ingress-nginx/controller:${{ matrix.versions }}
6871 format : ' sarif'
69- output : trivy-results-${{ matrix.versions }}.sarif
72+ output : ${{ github.workspace }}/ trivy-results-${{ matrix.versions }}.sarif
7073 exit-code : 0
7174 vuln-type : ' os,library'
7275 severity : ' CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN'
7376
7477 - name : Output Sarif File
7578 shell : bash
76- run : cat trivy-results-${{ matrix.versions }}.sarif
77-
78- - name : Checkout code
79- uses : actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
79+ run : cat ${{ github.workspace }}/trivy-results-${{ matrix.versions }}.sarif
8080
8181 # This step checks out a copy of your repository.
8282 - name : Upload SARIF file
8383 uses : github/codeql-action/upload-sarif@0c670bbf0414f39666df6ce8e718ec5662c21e03
8484 with :
85+ token : ${{ github.token }}
8586 # Path to SARIF file relative to the root of the repository
86- sarif_file : trivy-results-${{ matrix.versions }}.sarif
87+ sarif_file : ${{ github.workspace }}/ trivy-results-${{ matrix.versions }}.sarif
8788
8889 - name : Vulz Count
8990 shell : bash
9091 run : |
91- TRIVY_COUNT=$(cat trivy-results-${{ matrix.versions }}.sarif | jq '.runs[0].results | length')
92+ TRIVY_COUNT=$(cat ${{ github.workspace }}/ trivy-results-${{ matrix.versions }}.sarif | jq '.runs[0].results | length')
9293 echo "TRIVY_COUNT: $TRIVY_COUNT"
9394 echo "Image Vulnerability scan output" >> $GITHUB_STEP_SUMMARY
9495 echo "Image ID: registry.k8s.io/ingress-nginx/controller@${{ matrix.versions }}" >> $GITHUB_STEP_SUMMARY
0 commit comments