feat: export findings to securityhub

achoimet · achoimet · commit 66959ea0f755 · 2026-01-06T10:40:06.000+01:00
diff --git a/.github/workflows/reusable-cve-scan.yml b/.github/workflows/reusable-cve-scan.yml
@@ -196,8 +196,12 @@ jobs:
           set -euo pipefail
           AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
           export AWS_ACCOUNT_ID
-          # Generate ASFF using Trivy's built-in template
-          trivy convert --format template --template "@contrib/asff.tpl" --output trivy-results.asff trivy-results.json
+          
+          # Download ASFF template explicitly (trivy-action does not ship contrib templates)
+          curl -fsSL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/asff.tpl -o asff.tpl
+          
+          trivy convert --format template --template "@asff.tpl" \
+            --output trivy-results.asff trivy-results.json
 
       - name: Import findings into AWS Security Hub
         if: inputs.add_to_securityhub
