Skip to content

Commit ddef0cb

Browse files
tdrueztdruez
committed
DEBUG workflow
Signed-off-by: tdruez <[email protected]>
1 parent 1b2ec6a commit ddef0cb

File tree

1 file changed

+18
-10
lines changed

1 file changed

+18
-10
lines changed

.github/workflows/sca-integration-osv.yml

Lines changed: 18 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -28,15 +28,23 @@ jobs:
2828
docker pull alpine:3.17.0
2929
docker save alpine:3.17.0 > alpine_3.17.0.tar
3030
31+
- name: Install OSC-Scanner
32+
run: |
33+
go install github.com/google/osv-scanner/v2/cmd/osv-scanner@latest
34+
3135
- name: Run OSV Scanner
32-
uses: docker://ghcr.io/google/osv-scanner-action:v2.2.1
33-
with:
36+
run: |
37+
osv-scanner scan image alpine:3.17.0
38+
39+
# - name: Run OSV Scanner
40+
# uses: docker://ghcr.io/google/osv-scanner-action:v2.2.1
41+
# with:
3442
# args: scan image --archive alpine_3.17.0.tar --format spdx-2-3 --all-packages > osv-scanner.spdx.json || true
35-
args: scan image --archive alpine_3.17.0.tar --format json
36-
37-
- name: Upload SBOM as GitHub Artifact
38-
uses: actions/upload-artifact@v4
39-
with:
40-
name: osv-scanner-sbom-report
41-
path: osv-scanner.cdx.json
42-
retention-days: 20
43+
# args: scan image --archive alpine_3.17.0.tar --format json
44+
45+
# - name: Upload SBOM as GitHub Artifact
46+
# uses: actions/upload-artifact@v4
47+
# with:
48+
# name: osv-scanner-sbom-report
49+
# path: osv-scanner.cdx.json
50+
# retention-days: 20

0 commit comments

Comments
 (0)