GitHub Action
container-scan-to-sarif-action
v1.2.1
This action converts Azure Container Scan Action output to Static Analysis Results Interchange Format (SARIF), for an easier integration with GitHub Code Scanning.
It uses the standalone converter executable from container-scan-to-sarif.
Optional. Version of the container-scan-to-sarif tool. See https://github.com/rm3l/container-scan-to-sarif/releases. Default: "0.2.2".
Required. Path to the input Container Scan report to convert.
Optional. Path to the output SARIF report to generate. Default: "scanreport.sarif".
Path to the SARIF report generated. Relative to the GitHub Workspace.
```yaml
- name: Scan Container Image
  id: scan
  uses: Azure/[email protected]
  with:
    image-name: my-container-image

- name: Convert Container Scan Report to SARIF
  id: scan-to-sarif
  uses: rm3l/[email protected]
  if: ${{ always() }}
  with:
    converter-version: 0.2.2
    input-file: ${{ steps.scan.outputs.scan-report-path }}

- name: Upload SARIF reports to GitHub Security tab
  uses: github/codeql-action/upload-sarif@v1
  if: ${{ always() }}
  with:
    sarif_file: ${{ steps.scan-to-sarif.outputs.sarif-report-path }}
```
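To show what the conversion to SARIF described above produces, here is an added Python sketch (not the action's or the converter's own code) that maps a simplified scan report to a SARIF 2.1.0 log. The input field names, the severity-to-level mapping, the tool name and the `Dockerfile` artifact path are assumptions of this example, and the sample report is constructed.

```python
import json

# Severity-to-level mapping is an assumption of this example; SARIF 2.1.0
# defines the result levels "error", "warning", "note" and "none".
LEVELS = {"CRITICAL": "error", "HIGH": "error", "MEDIUM": "warning", "LOW": "note"}

def to_sarif(report, artifact_uri="Dockerfile"):
    """Map a simplified scan report (field names assumed) to a SARIF 2.1.0 log."""
    rules, rule_index, results = [], {}, []
    for vuln in report.get("vulnerabilities", []):
        vuln_id = vuln["vulnerabilityId"]
        # One rule per distinct ID, even when several packages share it.
        if vuln_id not in rule_index:
            rule_index[vuln_id] = len(rules)
            rules.append({"id": vuln_id,
                          "shortDescription": {"text": vuln.get("description") or vuln_id}})
        results.append({
            "ruleId": vuln_id,
            "ruleIndex": rule_index[vuln_id],
            # Unknown or missing severities fall back to "warning", never dropped.
            "level": LEVELS.get(str(vuln.get("severity", "")).upper(), "warning"),
            "message": {"text": f"{vuln_id} in package {vuln.get('packageName', 'unknown')}"},
            "locations": [{"physicalLocation": {"artifactLocation": {"uri": artifact_uri}}}],
        })
    return {
        "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
        "version": "2.1.0",
        "runs": [{"tool": {"driver": {"name": "example-container-scan", "rules": rules}},
                  "results": results}],
    }

# Constructed sample input; identifiers are placeholders, not real advisories.
SAMPLE_REPORT = {
    "imageName": "my-container-image",
    "vulnerabilities": [
        {"vulnerabilityId": "EXAMPLE-0001", "packageName": "libexample",
         "severity": "HIGH", "description": "Constructed finding A"},
        {"vulnerabilityId": "EXAMPLE-0001", "packageName": "libexample-dev",
         "severity": "HIGH", "description": "Constructed finding A"},
        {"vulnerabilityId": "EXAMPLE-0002", "packageName": "othertool",
         "severity": "negligible"},
    ],
}

if __name__ == "__main__":
    print(json.dumps(to_sarif(SAMPLE_REPORT), indent=2))
```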