Skip to content
You're viewing an older version of this GitHub Action. Do you want to see the latest version instead?
check-circle

GitHub Action

container-scan-to-sarif-action

v1.2.1

container-scan-to-sarif-action

check-circle

container-scan-to-sarif-action

Converts Container Scan Action output to SARIF

Installation

Copy and paste the following snippet into your .yml file.

              

- name: container-scan-to-sarif-action

uses: rm3l/[email protected]

Learn more about this action in rm3l/container-scan-to-sarif-action

Choose a version

Container Scan To SARIF action

This action converts Azure Container Scan Action output to Static Analysis Results Interchange Format (SARIF), for an easier integration with GitHub Code Scanning.

It uses the standalone converter excutable from container-scan-to-sarif.

Inputs

converter-version

Optional Version of the container-scan-to-sarif tool. See https://github.com/rm3l/container-scan-to-sarif/releases. Default "0.2.2".

input-file

Required Path to the input Container Scan report to convert.

output-file

Optional Path to the output SARIF report to generate. Default "scanreport.sarif"

Outputs

sarif-report-path

Path to the SARIF report generated. Relative to the GitHub Workspace.

Example usage

- name: Scan Container Image
  id: scan
  uses: Azure/[email protected]
  with:
    image-name: my-container-image
    
- name: Convert Container Scan Report to SARIF
  id: scan-to-sarif
  uses: rm3l/[email protected]
  if: ${{ always() }}
  with:
    converter-version: 0.2.2
    input-file: ${{ steps.scan.outputs.scan-report-path }}

- name: Upload SARIF reports to GitHub Security tab
  uses: github/codeql-action/upload-sarif@v1
  if: ${{ always() }}
  with:
    sarif_file: ${{ steps.scan-to-sarif.outputs.sarif-report-path }}