@@ -139,9 +139,32 @@ jobs:
139139 - name : Fail build if scans failed
140140 if : ${{ (steps.grype-scan.outcome == 'failure' || steps.trivy-scan.outcome == 'failure') && matrix.target == 'production' && github.ref != 'refs/heads/main' }}
141141 run : |
142- echo "One or more scans failed. Failing the build."
143- echo "Grype scan outcome: ${{ steps.grype-scan.outcome }}"
144- echo "Trivy scan outcome: ${{ steps.trivy-scan.outcome }}"
142+ echo "## Scan Results" >> $GITHUB_STEP_SUMMARY
143+
144+ if [ "${{ steps.grype-scan.outcome }}" == "failure" ]; then
145+ echo "### Grype Vulnerabilities" >> $GITHUB_STEP_SUMMARY
146+ echo "| Severity | CVE | Package | Details |" >> $GITHUB_STEP_SUMMARY
147+ echo "|----------|-----|---------|---------|" >> $GITHUB_STEP_SUMMARY
148+ jq -r '.runs[].results[] | "| \(.level) | \(.ruleId) | \(.message.text | split("\n")[0]) | \(.message.text | split("\n")[1:3] | join(", ")) |"' \
149+ "${{ steps.grype-scan.outputs.sarif }}" >> $GITHUB_STEP_SUMMARY
150+ echo "::group::Grype Vulnerabilities"
151+ jq -r '.runs[].results[] | "\(.level)\t\(.ruleId)\t\(.message.text)"' \
152+ "${{ steps.grype-scan.outputs.sarif }}"
153+ echo "::endgroup::"
154+ fi
155+
156+ if [ "${{ steps.trivy-scan.outcome }}" == "failure" ]; then
157+ echo "### Trivy Vulnerabilities" >> $GITHUB_STEP_SUMMARY
158+ echo "| Severity | CVE | Package | Details |" >> $GITHUB_STEP_SUMMARY
159+ echo "|----------|-----|---------|---------|" >> $GITHUB_STEP_SUMMARY
160+ jq -r '.runs[].results[] | "| \(.level) | \(.ruleId) | \(.message.text | split("\n")[0]) | \(.message.text | split("\n")[1:3] | join(", ")) |"' \
161+ "trivy-reports-dotnet-${{ matrix.image.netVersion }}" >> $GITHUB_STEP_SUMMARY
162+ echo "::group::Trivy Vulnerabilities"
163+ jq -r '.runs[].results[] | "\(.level)\t\(.ruleId)\t\(.message.text)"' \
164+ "trivy-reports-dotnet-${{ matrix.image.netVersion }}"
165+ echo "::endgroup::"
166+ fi
167+
145168 exit 1
146169
147170 - name : Login to DockerHub
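Review bot: The new script pastes `${{ steps.grype-scan.outputs.sarif }}` and `${{ matrix.image.netVersion }}` straight into the `run:` body (new lines 149, 152, 161, 164), so those values become shell text before bash parses them; the SARIF path is produced by the scan action and the matrix value by this workflow, so the exposure here is probably small, but the hardening pattern GitHub recommends is to pass them through `env:` and reference them as quoted variables, which also lets `"$GITHUB_STEP_SUMMARY"` be quoted consistently. The step is gated only on the scan outcome being `failure` and runs under the default `bash -e` shell, so a Grype step that failed for a non-finding reason (no SARIF written) or a Trivy report that is not in SARIF form makes `jq` abort the script before the Trivy section and `::group::` output are emitted; a `[ -f "$GRYPE_SARIF" ]` guard keeps the summary best-effort while the trailing `exit 1` still fails the build. The "Severity" column is filled from SARIF `.level`, which is the coarse `error`/`warning`/`note` class rather than the vulnerability severity, and an unescaped `|` in `.message.text` would break the markdown table, so a one-line comment stating what the column actually shows (or escaping `|` in the text) would help whoever reads the summary. The enclosing job definition starts outside the hunk.
```yaml
      env:
        GRYPE_SARIF: ${{ steps.grype-scan.outputs.sarif }}
        TRIVY_SARIF: trivy-reports-dotnet-${{ matrix.image.netVersion }}
      run: |
        echo "## Scan Results" >> "$GITHUB_STEP_SUMMARY"
        if [ "${{ steps.grype-scan.outcome }}" == "failure" ] && [ -f "$GRYPE_SARIF" ]; then
          # … unchanged: Grype table header lines …
          # NOTE: SARIF .level is error/warning/note, not the CVE severity.
          jq -r '… unchanged filter …' "$GRYPE_SARIF" >> "$GITHUB_STEP_SUMMARY"
          # … unchanged: ::group:: block, reading "$GRYPE_SARIF" …
        fi
        # … unchanged: Trivy block, same pattern reading "$TRIVY_SARIF" …
        exit 1
```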