Merge pull request #4147 from zhzhuang-zju/uploadsarif

ci: upload trivy scan results to GitHub Security tab
2023-10-19 10:07:23 +08:00 · 2023-10-19 10:07:23 +08:00 · dcf0685f88
parent 557348fea0 67af072709
commit dcf0685f88
1 changed files with 6 additions and 2 deletions
--- a/.github/workflows/ci-image-scanning.yaml
+++ b/.github/workflows/ci-image-scanning.yaml
@ -33,7 +33,11 @@ jobs:
        uses: aquasecurity/trivy-action@0.12.0
        with:
          image-ref: 'docker.io/karmada/${{ matrix.target }}:latest'
-          format: 'table'
+          format: 'sarif'
          ignore-unfixed: true
          vuln-type: 'os,library'
-          exit-code: '1'
+          output: 'trivy-results.sarif'
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: 'trivy-results.sarif'