diff .github/workflows/anchore.yml @ 7044:619563fbe2d3

Fix version identifier for Anchore scan use anything on v3. Also dump sarif output file. Also add id and use ${{ steps.scan.outputs.sarif }} rather than hardcoded file name to match example.
author John Rouillard <rouilj@ieee.org>
date Mon, 07 Nov 2022 19:18:30 -0500
parents 02321d2c8458
children 7442bc16724f
--- a/.github/workflows/anchore.yml	Mon Nov 07 19:11:20 2022 -0500
+++ b/.github/workflows/anchore.yml	Mon Nov 07 19:18:30 2022 -0500
@@ -40,7 +40,8 @@
     - name: Build the Docker image
       run: docker build . --file scripts/Docker/Dockerfile --tag localbuild/testimage:latest
     - name: Run the Anchore scan action itself with GitHub Advanced Security code scanning integration enabled
-      uses: anchore/scan-action@3.3.1
+      uses: anchore/scan-action@v3
+      id: scan
       with:
         image: "localbuild/testimage:latest"
         acs-report-enable: true
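Review bot: `uses: anchore/scan-action@v3` replaces an exact version reference with a major-version tag, which the action's maintainers can move to new code at any time, so this workflow will run whatever `v3` points to on each run without a change in this repository. If the intent was only to fix the reference format, consider an exact release tag instead, or better, pin to the full commit SHA of the release and keep the version in a trailing comment so updates arrive as reviewable diffs. The added `id: scan` is fine and is needed for the `steps.scan.outputs.sarif` references later in the file.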
@@ -48,4 +49,6 @@
     - name: Upload Anchore Scan Report
       uses: github/codeql-action/upload-sarif@v2
       with:
-        sarif_file: results.sarif
+        sarif_file: ${{ steps.scan.outputs.sarif }}
+    - name: Inspect action SARIF report
+      run: cat ${{ steps.scan.outputs.sarif }}
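Review bot: In the new `run: cat ${{ steps.scan.outputs.sarif }}` line the expression is expanded into the shell script text before the shell runs and is left unquoted, so a path containing spaces or shell metacharacters would be split or interpreted rather than treated as a file name. Pass the value through the step's environment instead, for example `env:` with `SARIF_FILE: ${{ steps.scan.outputs.sarif }}` and then `run: cat "$SARIF_FILE"`. Two smaller points: this step writes the full vulnerability report into the job log, which is readable by anyone who can view the workflow runs, so it is worth removing once debugging is done; and because it sits after the upload step it will be skipped if the upload fails, which is when the dump would be most useful, so consider moving it before the upload or adding `if: always()`.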

Roundup Issue Tracker: http://roundup-tracker.org/