find osv-scanner.json

Author: kikofernandez

.github/scripts/otp-compliance.es

@@ -1218,16 +1218,14 @@ generate_vendor_purl(Package) ->
 
 osv_scan(_) ->
     application:ensure_all_started([ssl, inets]),
-    URI = "https://api.osv.dev/v1/querybatch",
-    Format = "application/x-www-form-urlencoded",
-    File = "osv-scanner.json",
 
     VendorSrcFiles = find_vendor_src_files("."),
     Packages = generate_vendor_info_package(VendorSrcFiles),
 
     %% Test if this works in a Github Workflow
     OSVQueryResults = generate_osv_results(Packages),
-    file:write_file(File, json:format(OSVQueryResults)).
+    io:format("~s", [json:format(OSVQueryResults)]).
+    %% file:write_file(File, json:format(OSVQueryResults)).
 
     %% OSVQuery = generate_osv_query(Packages),
 %%     io:format("[OSV] Information sent~n~s~n", [json:format(OSVQuery)]),

.github/workflows/main.yaml

@@ -439,15 +439,22 @@ jobs:
       # check that PRs do not introduce vulnerabilities in vendor dependencies
       - name: 'Vendor Vulnerability Scanning'
         run: |
-          docker run -v $PWD/:/github -v $HOME:$HOME otp \
-            "/github/.github/scripts/otp-compliance.es sbom osv-scan"
+          docker run -v $PWD/:/github otp \
+            "/github/.github/scripts/otp-compliance.es sbom osv-scan > /github/osv-scanner.json"
+
+
+      # - name: Find osv-scanner.json
+      #   run: |
+      #     OSV=$(find . -name osv-scanner.json)
+      #     echo "all=${OSV}" >> $GITHUB_OUTPUT
+      #     cat $GITHUB_OUTPUT
 
        # Upload the deps
       - name: "upload osv-scanner deps"
         uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # ratchet:actions/[email protected]
         with:
           name: converted-OSV-Scanner-deps
-          path: $PWD/osv-scanner.json
+          path: /home/runner/osv-scanner.json
           retention-days: 2
 
   scan-pr: