Skip to content
check-circle

GitHub Action

container-scan-to-sarif-action

v1.7.1 Latest version

container-scan-to-sarif-action

check-circle

container-scan-to-sarif-action

Converts Container Scan Action output to SARIF

Installation

Copy and paste the following snippet into your .yml file.

              

- name: container-scan-to-sarif-action

uses: rm3l/[email protected]

Learn more about this action in rm3l/container-scan-to-sarif-action

Choose a version

Container Scan To SARIF action

This action converts Azure Container Scan Action output to Static Analysis Results Interchange Format (SARIF), for an easier integration with GitHub Code Scanning.

It uses the standalone converter executable from container-scan-to-sarif.

Inputs

converter-version

Optional Version of the container-scan-to-sarif tool. See https://github.com/rm3l/container-scan-to-sarif/releases. Default "0.7.3".

input-file

Required Path to the input Container Scan report to convert.

output-file

Optional Path to the output SARIF report to generate. Default "scanreport.sarif"

Outputs

sarif-report-path

Path to the SARIF report generated.

Example usage

jobs:
  scan:
    runs-on: ubuntu-latest
    permissions:
      #
      # Below are permissions required for the upload-sarif Action.
      # More details here: https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github
      #

      # required for all workflows
      security-events: write
      # only required for workflows in private repositories
      actions: read
      contents: read
    steps:
      - name: Scan Container Image
        id: scan
        uses: Azure/[email protected]
        with:
          image-name: my-container-image
    
      - name: Convert Container Scan Report to SARIF
        id: scan-to-sarif
        uses: rm3l/container-scan-to-sarif-action@v1
        if: ${{ always() }}
        with:
          input-file: ${{ steps.scan.outputs.scan-report-path }}

      - name: Upload SARIF reports to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v2
        if: ${{ always() }}
        with:
          sarif_file: ${{ steps.scan-to-sarif.outputs.sarif-report-path }}