ci(sarif): upload SARIF files

thomasleplus · thomasleplus · commit 39454079855d · 2025-09-24T12:25:41.000+02:00
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -69,3 +69,10 @@ jobs:
         uses: github/codeql-action/analyze@192325c86100d080feab897ff886c34abd4c83a3 # v3.30.3
         with:
           category: "/language:${{matrix.language}}"
+
+      - name: "Upload artifacts"
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        with:
+          name: CodeQL SARIF files
+          path: ../results
+          retention-days: 5
diff --git a/.github/workflows/devskim.yml b/.github/workflows/devskim.yml
@@ -34,6 +34,12 @@ jobs:
         uses: microsoft/DevSkim-Action@4b5047945a44163b94642a1cecc0d93a3f428cc6 # v1.0.16
         with:
           should-scan-archives: true
+      - name: "Upload artifact"
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        with:
+          name: DevSkim SARIF file
+          path: devskim-results.sarif
+          retention-days: 5
       - name: Upload DevSkim scan results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@192325c86100d080feab897ff886c34abd4c83a3 # v3.29.5
         with:
diff --git a/.github/workflows/msdo.yml b/.github/workflows/msdo.yml
@@ -29,9 +29,15 @@ jobs:
         with:
           persist-credentials: false
       - name: Run Microsoft Security DevOps scanner
+        id: scan
         uses: microsoft/security-devops-action@08976cb623803b1b36d7112d4ff9f59eae704de0 # v1.12.0
-        id: msdo
+      - name: "Upload artifact"
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        with:
+          name: MSDO SARIF file
+          path: ${{ steps.scan.outputs.sarifFile }}
+          retention-days: 5
       - name: Upload MSDO scan results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@192325c86100d080feab897ff886c34abd4c83a3 # v3.29.5
         with:
-          sarif_file: ${{ steps.msdo.outputs.sarifFile }}
+          sarif_file: ${{ steps.scan.outputs.sarifFile }}
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -32,16 +32,16 @@ jobs:
       - name: "Run analysis"
         uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2
         with:
-          results_file: results.sarif
+          results_file: scorecards-results.sarif
           results_format: sarif
           publish_results: true
       - name: "Upload artifact"
         uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
-          name: SARIF file
-          path: results.sarif
+          name: Scorecards SARIF file
+          path: scorecards-results.sarif
           retention-days: 5
       - name: "Upload to code-scanning"
         uses: github/codeql-action/upload-sarif@192325c86100d080feab897ff886c34abd4c83a3 # v3.29.5
         with:
-          sarif_file: results.sarif
+          sarif_file: scorecards-results.sarif
