feature: update trivy scanner uploads #4658

Merged
merged 2 commits into from
May 29, 2025

@itsmostafa itsmostafa commented May 21, 2025

This pull request updates the .github/workflows/trivy-analysis.yml file to streamline the process of uploading Trivy scan results to GitHub's Security tab. The changes replace the use of actions/upload-artifact and associated steps with the github/codeql-action/upload-sarif action, simplifying the workflow and removing redundant artifact merging steps.

Workflow simplification:

  • .github/workflows/trivy-analysis.yml: Replaced actions/upload-artifact with github/codeql-action/upload-sarif for uploading SARIF files directly to the GitHub Security tab. This change eliminates the need for intermediate artifact upload and merging steps for both .NET and Node.js scan results. [1] [2]

🗣 Description

💭 Motivation and context

🧪 Testing

tested locally

✅ Pre-approval checklist

  • This PR has an informative and human-readable title.
  • Changes are limited to a single goal - eschew scope creep!
  • I have read the CONTRIBUTING document.
  • These code changes follow cisagov code standards.
  • All new and existing tests pass.

@itsmostafa itsmostafa marked this pull request as ready for review May 29, 2025 16:05
@randywoods randywoods merged commit 7e2afdb into develop May 29, 2025
3 checks passed
@randywoods randywoods deleted the feature/update-trivy-scanner-upload branch May 29, 2025 16:07
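
A sketch of the upload pattern the description refers to, added here as an example and not taken from this pull request or the project's trivy-analysis.yml. The scan paths, job and step names, and SARIF file names are assumptions; each upload carries its own `category` so the .NET and Node.js results are tracked separately in code scanning instead of one replacing the other.

```yaml
# Added example: NOT the project's workflow. Paths and file names are hypothetical.
name: trivy-analysis-example
on:
  push:

permissions:
  contents: read

jobs:
  trivy:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write   # needed by upload-sarif to write code scanning results
    steps:
      - uses: actions/checkout@v4

      - name: Scan .NET sources
        uses: aquasecurity/trivy-action@master   # pin to a release tag or commit SHA in real use
        with:
          scan-type: fs
          scan-ref: ./backend                    # hypothetical path
          format: sarif
          output: trivy-dotnet.sarif

      - name: Scan Node.js sources
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: fs
          scan-ref: ./frontend                   # hypothetical path
          format: sarif
          output: trivy-node.sarif

      # Direct upload to the Security tab: no upload-artifact or merge step in between.
      - name: Upload .NET results
        if: always()             # still publish findings if a scan step is configured to fail the job
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: trivy-dotnet.sarif
          category: trivy-dotnet

      - name: Upload Node.js results
        if: always()
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: trivy-node.sarif
          category: trivy-node
```

Uploads for the same commit that share a tool and category overwrite earlier results, which is why the two steps use distinct `category` values.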