
How can I send Trivy scan results to another cloud-native / open-source security product?

Open dshuvar opened this issue 3 years ago • 1 comments

For example, this part of the code for the GitHub Action sends scan results to the GH Security tab of your repo.

```yaml
- name: Upload Trivy scan results to GitHub Security tab
  uses: github/codeql-action/upload-sarif@v1
  with:
    sarif_file: 'payment-service-trivy-results.sarif'
```

How can I send Trivy scan results to another (something other than github security) cloud-native / open-source security product/panel?

dshuvar, Aug 20 '21 11:08

Hi @dshuvar - the current implementation uses github/codeql-action/upload-sarif, which is a GitHub Action to upload SARIF results to the GitHub Security panel, as you mentioned.

There might be other actions available out there for your use, or you could simply do a curl POST request to an endpoint you want to send to in order to do this. The GitHub SARIF report is available inside of the runtime workspace when the GitHub Action runs.

simar7, Aug 20 '21 18:08
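The curl POST suggested in the reply above, as an added example that is not part of the original thread or the trivy-action project: a shell helper for a workflow `run:` step that checks the report and the destination before sending. `SARIF_ENDPOINT`, `SARIF_TOKEN`, the bearer-token scheme and the JSON content type are assumptions about the receiving product; adjust them to whatever its API documents.

```shell
#!/bin/sh
# Added example, not trivy-action code. SARIF_ENDPOINT and SARIF_TOKEN are
# hypothetical names, expected to come from repository secrets.
# In a workflow step, after the Trivy scan has written the report:
#   upload_sarif payment-service-trivy-results.sarif "$SARIF_ENDPOINT"

# Refuse anything but HTTPS so the findings and token never travel in clear text.
check_endpoint() {
    case "$1" in
        https://?*) return 0 ;;
        *) echo "endpoint must be an https:// URL" >&2; return 1 ;;
    esac
}

# Cheap sanity check: a missing or empty report usually means the scan step
# failed, and uploading it would hide that from the receiving dashboard.
check_sarif() {
    [ -s "$1" ] || { echo "missing or empty report: $1" >&2; return 1; }
    grep -q '"runs"' "$1" || { echo "no \"runs\" key in $1" >&2; return 1; }
}

# POST the report. The Authorization header is fed on stdin (-H @-, curl 7.55+)
# so the token does not show up in the process argument list.
upload_sarif() {
    report=$1
    endpoint=$2
    check_endpoint "$endpoint" || return 1
    check_sarif "$report" || return 1
    [ -n "${SARIF_TOKEN:-}" ] || { echo "SARIF_TOKEN is not set" >&2; return 1; }
    # --fail turns HTTP 4xx/5xx into a non-zero exit so the job fails visibly;
    # --proto '=https' also blocks a redirect from downgrading to plain HTTP.
    printf 'Authorization: Bearer %s\n' "$SARIF_TOKEN" |
        curl --fail --silent --show-error --proto '=https' --max-time 60 \
             -H 'Content-Type: application/json' -H @- \
             --data-binary "@$report" "$endpoint"
}
```
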