fix: [#251] sanitize Docker image names for artifact naming

josecelano · josecelano · commit 5b09357a6cf0 · 2025-12-23T18:46:32.000Z
diff --git a/.github/workflows/docker-security-scan.yml b/.github/workflows/docker-security-scan.yml
@@ -106,11 +106,15 @@ jobs:
           exit-code: "1"
           scanners: "vuln" # Focus on CVEs, not secrets
 
+      - name: Sanitize image name for artifact
+        id: sanitize
+        run: echo "name=$(echo '${{ matrix.image }}' | tr '/:' '-')" >> $GITHUB_OUTPUT
+
       - name: Upload SARIF artifact
         uses: actions/upload-artifact@v4
         if: always()
         with:
-          name: sarif-third-party-${{ matrix.image }}
+          name: sarif-third-party-${{ steps.sanitize.outputs.name }}
           path: "trivy-results.sarif"
           retention-days: 30
 
