feat: better scan log output on failure

digitalservicebund · Nov 22, 2024 · 0105885 · 0105885
1 parent e06f0dc
commit 0105885
Showing 1 changed file with 11 additions and 1 deletion.
diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
@@ -58,7 +58,17 @@ jobs:
       - name: Check trivy results
         run: |
           if grep -qE 'HIGH|CRITICAL' trivy-results.sarif; then
-            echo "Vulnerabilities found"
+            echo "Vulnerabilities found:"
+
+            jq -r '
+              .runs[].results[] |
+              "Rule ID: \(.ruleId)\n" +
+              "Package: \(.message.text | split("\n")[0] | ltrimstr("Package: "))\n" +
+              "Installed Version: \(.message.text | split("\n")[1] | ltrimstr("Installed Version: "))\n" +
+              "Severity: \(.message.text | split("\n")[2] | ltrimstr("Severity: "))\n" +
+              "\(.message.text | split("\n")[4] | ltrimstr("Link: "))\n"
+            ' trivy-results.sarif
+            # Exit with error status
             exit 1
           else
             echo "No significant vulnerabilities found"