feat: SARIF file success or failure

arturmon · Jul 26, 2023 · 65b22b1 · 65b22b1
1 parent e16cd47
commit 65b22b1
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -72,6 +72,20 @@ jobs:
         with:
           directory: container-image-scannig
           framework: dockerfile
+          output_format: cli,sarif
+          output_file_path: console,results.sarif
+
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@v2
+
+        # Results are generated only on a success or failure
+        # this is required since GitHub by default won't run the next step
+        # when the previous one has failed. Security checks that do not pass will 'fail'.
+        # An alternative is to add `continue-on-error: true` to the previous step
+        # Or 'soft_fail: true' to checkov.
+        if: success() || failure()
+        with:
+          sarif_file: results.sarif
 
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v2