@@ -162,6 +162,8 @@ jobs:
162162
163163 security-scan :
164164 name : Security scan
165+ outputs :
166+ sarif_files : ${{ steps.get_sarif_files.outputs.sarif-files }}
165167 runs-on : ubuntu-latest
166168 needs : build
167169 timeout-minutes : 30
@@ -192,7 +194,41 @@ jobs:
192194 cp build/microk8s.snap .
193195 unsquashfs microk8s.snap
194196 trivy rootfs ./squashfs-root/ --format sarif > sarifs/snap.sarif
195- - name : Upload Trivy scan results to GitHub Security tab
197+ - name : Generate list of SARIF files
198+ id : get_sarif_files
199+ run : |
200+ sarif_files=$(find sarifs -name "*.sarif" -printf "%P\n" | jq -R -s -c 'split("\n") | map(select(length > 0))')
201+ echo "sarif-files=$sarif_files" >> "$GITHUB_OUTPUT"
202+ - name : Upload SARIF files artifact
203+ uses : actions/upload-artifact@v4
204+ with :
205+ name : sarifs
206+ path : sarifs
207+ retention-days : 1
208+
209+ upload_sarifs_matrix :
210+ needs : security-scan
211+ runs-on : ubuntu-latest
212+ strategy :
213+ fail-fast : true
214+ matrix :
215+ sarif_file_path : ${{ fromJson(needs.security-scan.outputs.sarif_files) }}
216+ steps :
217+ - name : Checkout repository
218+ uses : actions/checkout@v4
219+ - name : Download SARIF files artifact
220+ uses : actions/download-artifact@v4
221+ with :
222+ name : sarifs
223+ path : sarifs
224+ - name : Prepare SARIF category
225+ id : prepare_category
226+ run : |
227+ sarif_file="${{ matrix.sarif_file_path }}"
228+ base_name=$(basename "$sarif_file" .sarif)
229+ echo "category=$base_name" >> "$GITHUB_OUTPUT"
230+ - name : Upload SARIF file
196231 uses : github/codeql-action/upload-sarif@v3
197232 with :
198- sarif_file : " sarifs"
233+ sarif_file : sarifs/${{ matrix.sarif_file_path }}
234+ category : ${{ steps.prepare_category.outputs.category }}
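Review bot: The `Prepare SARIF category` step expands `${{ matrix.sarif_file_path }}` directly inside the `run:` script, so the file name is pasted into the shell source before bash parses it, and a name containing shell metacharacters would be read as script rather than data. The value comes from `find sarifs` in the `security-scan` job, so it is only as trustworthy as whatever names end up in that directory, which this hunk does not show. Pass it through the environment instead: give the step an `env:` entry `SARIF_FILE: ${{ matrix.sarif_file_path }}` and write `sarif_file="$SARIF_FILE"`. Separately, `basename` drops any subdirectory that `-printf "%P\n"` kept, so two files with the same base name in different subdirectories would share one `category`. The new `upload_sarifs_matrix` job also shows no `permissions:` block; if the workflow does not grant it elsewhere, the job should declare `security-events: write` itself rather than rely on the default token scope.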