simar7
We certainly welcome any PRs if you'd like to contribute. Can help review them. Let us know if you need any assistance.
> I'd like to, but I'm not sure how I'd test the option myself (in my fork). Can you elaborate on that?

You could locally run the ./entrypoint.sh script that...
hi @akbast - your observation is correct. Trivy today only supports a single output at a time. Trivy GH Action saves the output as SARIF format to send to GitHub...
> hi @simar7, thanks for the fast answer. > > > > Is it planned that it will be possible to see both output and get issues into security...
hi @dshuvar - the current implementation uses github/codeql-action/upload-sarif which is a GitHub action to upload sarif results to GitHub security panel as you mentioned. There might be other actions available...
Yes that's correct. If you're looking to scan an image the following is an example:
```
$ trivy image alpine:3.10
```
In this case, scan-type is image, scan-ref is alpine:3.10
hi @ssuganth - that's unusual but it looks like a bug with the GitHub SARIF uploader action. Trivy GitHub Action uses this to send results to the GitHub Security Tab...
I see. I don't have a solution but a suggestion to maybe scan private and public images in separate jobs?
hi @nleconte-csgroup - that's cool, what were you looking to do with it?
hi @nleconte-csgroup - got it. That's a great idea, we'd welcome a PR from you if you decide to contribute one! Let us know how we can help in any...