From c50c3cbe228db1ec8f9b240439b2be8ef90c830b Mon Sep 17 00:00:00 2001
From: lwih
Date: Fri, 29 Dec 2023 15:21:42 +0100
Subject: [PATCH] CI - push trivy report for postgres to security tab
---
 .github/workflows/release.yml | 4 ++--
 .github/workflows/trivy.yml | 9 +++++++--
 2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 4d8870cd..eebb817d 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,8 +1,8 @@
 name: "Release"
 on:
-  push:
-    branches: [ "main" ]
+  # push:
+  #   branches: [ "main" ]
   release:
     types: [ published ]
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index 2a8c0296..dda6aaa2 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -68,7 +68,7 @@ jobs:
           ENV_PROFILE=${{ env.ENV_PROFILE }}
           GITHUB_SHA=${{ github.sha }}
-      - name: Run Trivy vulnerability scanner
+      - name: Run Trivy on Docker build
         uses: aquasecurity/trivy-action@master
         with:
           image-ref: "ghcr.io/mtes-mct/rapportnav2/rapportnav-app:${{ github.sha }}"
@@ -76,7 +76,7 @@ jobs:
           output: "trivy-results.sarif"
           severity: "CRITICAL,HIGH"
-      - name: Run Trivy on Postgres
+      - name: Run Trivy on Postgres image
         uses: aquasecurity/trivy-action@master
         with:
           image-ref: "postgres:15.5-alpine"
@@ -88,3 +88,8 @@ jobs:
         uses: github/codeql-action/upload-sarif@v2
         with:
           sarif_file: "trivy-results.sarif"
+
+      - name: Upload Postgres Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: "postgres-trivy-results.sarif"
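Review bot: In release.yml the `push` trigger on main is commented out rather than removed, and the commit message mentions only the Postgres Trivy upload, so a reader cannot tell whether stopping releases on every push to main is intended or a leftover from debugging. If it is intended, delete the two commented lines and state the reason in a comment above `release:`, e.g. `# Images are built and published only from a published GitHub release, not on pushes to main.`; if it is temporary, a comment naming why and when it should be restored is still needed so the disabled trigger is not forgotten.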
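Review bot: The new upload step in trivy.yml sends a second SARIF file for the same commit and ref with the same tool name and no `category`, which GitHub code scanning treats as the same analysis as the first upload, so one result set can replace the other or the second upload can be rejected as a duplicate; add `category: "trivy-postgres"` under the new `with:` and give the existing app upload its own value (e.g. `category: "trivy-app"`). The step also assumes the Postgres scan writes `postgres-trivy-results.sarif`; that scan step's `output:` is outside this hunk, so confirm the filename matches. Both upload steps only run when the preceding scan steps succeed, so if trivy-action is configured to fail the job on findings the results would never reach the Security tab; `if: always()` on the upload steps avoids that, if reporting regardless of scan outcome is the intent. The surrounding `aquasecurity/trivy-action@master` pins a mutable branch for a security-critical action; pinning to a release tag or commit SHA is worth a follow-up.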