From 01058857baffa5a497036434f7e5a5f9e8cdc895 Mon Sep 17 00:00:00 2001
From: Pram Gurusinga
Date: Fri, 22 Nov 2024 11:10:49 +0100
Subject: [PATCH] feat: better scan log output on failure
---
 .github/workflows/scan.yml | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
index dac8be8e81..828bd5cfc4 100644
--- a/.github/workflows/scan.yml
+++ b/.github/workflows/scan.yml
@@ -58,7 +58,17 @@ jobs:
 - name: Check trivy results
 run: |
 if grep -qE 'HIGH|CRITICAL' trivy-results.sarif; then
- echo "Vulnerabilities found"
+ echo "Vulnerabilities found:"
+
+ jq -r '
+ .runs[].results[] |
+ "Rule ID: \(.ruleId)\n" +
+ "Package: \(.message.text | split("\n")[0] | ltrimstr("Package: "))\n" +
+ "Installed Version: \(.message.text | split("\n")[1] | ltrimstr("Installed Version: "))\n" +
+ "Severity: \(.message.text | split("\n")[2] | ltrimstr("Severity: "))\n" +
+ "\(.message.text | split("\n")[4] | ltrimstr("Link: "))\n"
+ ' trivy-results.sarif
+ # Exit with error status
 exit 1
 else
 echo "No significant vulnerabilities found"
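Review bot: The added jq filter prints every entry in `.runs[].results[]`, so on failure the log lists findings of all severities rather than only the HIGH/CRITICAL ones that tripped the `grep` gate, which makes the blocking findings harder to pick out during triage. Restricting the stream with `.runs[].results[] | select(.message.text | test("Severity: (HIGH|CRITICAL)")) |` would keep the log consistent with the gate. The fields are also taken by line position in `.message.text` (`[0]`, `[1]`, `[2]`, `[4]`), which silently mislabels values if the scanner's message layout differs from what is assumed here (an extra line before the severity, or a result that is not a package vulnerability); matching each line by its prefix would be more robust, and the indices should be checked against a real `trivy-results.sarif`. The step's `run` block continues past the end of the hunk.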