Skip to content

Action that converts Azure Container Scan Action output to SARIF

Notifications You must be signed in to change notification settings

rm3l/container-scan-to-sarif-action

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

40 Commits
 
 
 
 
 
 

Repository files navigation

Container Scan To SARIF action

This action converts Azure Container Scan Action output to Static Analysis Results Interchange Format (SARIF), for an easier integration with GitHub Code Scanning.

It uses the standalone converter executable from container-scan-to-sarif.

Inputs

converter-version

Optional Version of the container-scan-to-sarif tool. See https://github.com/rm3l/container-scan-to-sarif/releases. Default "0.7.3".

input-file

Required Path to the input Container Scan report to convert.

output-file

Optional Path to the output SARIF report to generate. Default "scanreport.sarif"

Outputs

sarif-report-path

Path to the SARIF report generated.

Example usage

jobs:
  scan:
    runs-on: ubuntu-latest
    permissions:
      #
      # Below are permissions required for the upload-sarif Action.
      # More details here: https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github
      #

      # required for all workflows
      security-events: write
      # only required for workflows in private repositories
      actions: read
      contents: read
    steps:
      - name: Scan Container Image
        id: scan
        uses: Azure/[email protected]
        with:
          image-name: my-container-image
    
      - name: Convert Container Scan Report to SARIF
        id: scan-to-sarif
        uses: rm3l/container-scan-to-sarif-action@v1
        if: ${{ always() }}
        with:
          input-file: ${{ steps.scan.outputs.scan-report-path }}

      - name: Upload SARIF reports to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v2
        if: ${{ always() }}
        with:
          sarif_file: ${{ steps.scan-to-sarif.outputs.sarif-report-path }}