find osv-scanner.json

kikofernandez · kikofernandez · commit 1d4dcb8b9819 · 2025-05-06T12:00:31.000+02:00
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
@@ -439,15 +439,22 @@ jobs:
       # check that PRs do not introduce vulnerabilities in vendor dependencies
       - name: 'Vendor Vulnerability Scanning'
         run: |
-          docker run -v $PWD/:/github -v $HOME:$HOME otp \
-            "/github/.github/scripts/otp-compliance.es sbom osv-scan"
+          docker run -v $PWD/:/github otp \
+            "/github/.github/scripts/otp-compliance.es sbom osv-scan && echo \"foo=$(find /github -name osv-scanner.json)\""
+
+
+      - name: Find osv-scanner.json
+        run: |
+          OSV=$(find . -name osv-scanner.json)
+          echo "all=${OSV}" >> $GITHUB_OUTPUT
+          cat $GITHUB_OUTPUT
 
        # Upload the deps
       - name: "upload osv-scanner deps"
         uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # ratchet:actions/upload-artifact@v4.6.2
         with:
           name: converted-OSV-Scanner-deps
-          path: $PWD/osv-scanner.json
+          path: /home/runner/osv-scanner.json
           retention-days: 2
 
   scan-pr:
