ci: fix image scan result upload (#41)

* ci: fix scanning * ci: fix scanning * ci: 🌿 * ci: add `format` * ci: add more inputs * ci: remove test
dvsa · Jul 11, 2024 · 336a068 · 336a068
1 parent f47ef74
commit 336a068
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
@@ -173,11 +173,12 @@ jobs:
         uses: aquasecurity/trivy-action@0.23.0
         with:
           image-ref: ${{ steps.build-and-push.outputs.imageid }}
-          format: 'sarif'
           exit-code: '1'
           ignore-unfixed: true
-          vuln-type: 'os,library'
-          severity: 'CRITICAL,HIGH'
+          format: "sarif"
+          output: "trivy-results.sarif"
+          severity: "MEDIUM,HIGH,CRITICAL"
+          limit-severities-for-sarif: true
 
       - name: Upload Trivy scan results to GitHub Code Scanning
         if: ${{ always() && !cancelled() && steps.scan.outcome == 'success' || steps.scan.outcome == 'failure' }}