Feat: Support Multiple Images Scans to be Reported for Single PR

daisytimms2-nhs · web-flow · commit 8d4cc5cd3987 · 2025-12-09T14:05:31.000Z
Previously the marocchino/sticky-pull-request-comment@v2 pull request header field was populated with a fixed value, so multiple image scans would all update the same PR comment and overwrite each other.
This updates the header id to match the artifact name, allowing each for each image scan to update a separate PR comment.
diff --git a/image-scan/action.yml b/image-scan/action.yml
@@ -55,6 +55,7 @@ runs:
     - name: Trivy image scan
       uses: aquasecurity/trivy-action@0.28.0
       with:
+        scan-type: 'image'
         image-ref: ${{ inputs.image-ref }}
         format: json
         output: trivy-image-scan.json
@@ -130,7 +131,7 @@ runs:
       if: ${{ github.event_name == 'pull_request' && !github.event.pull_request.head.repo.fork }}
       uses: marocchino/sticky-pull-request-comment@v2
       with:
-        header: trivy-image-scan
+        header: ${{ inputs.artifact-name }}
         path: trivy_image_report.md
 
     - name: Check Trivy Issue Thresholds
