Kshitiz-Mhto commented on code in PR #1438:
URL: https://github.com/apache/streampipes/pull/1438#discussion_r1158775198
##########
.github/workflows/osv-scanner.yml:
##########
@@ -21,15 +21,23 @@ on:
jobs:
run-osv-scanner:
+
name: Run OSV Scanner
runs-on: ubuntu-latest
+
steps:
+
- name: Checkout
uses: actions/checkout@v3
+
+ - name: Pull OSV Scanner Docker image
+ run: docker pull ghcr.io/google/osv-scanner:latest
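Review bot: `ghcr.io/google/osv-scanner:latest` in the new `docker pull` step is a floating tag, so the scanner build changes underneath every run and any regressed or compromised push to that tag reaches CI without review; pin the image to a release tag or, better, to an image digest (`docker pull ghcr.io/google/osv-scanner@sha256:<digest>`, with the digest taken from the release you vetted) and bump it deliberately. The four added lines that consist only of `+` introduce blank lines under `jobs:` and `steps:`; they are harmless YAML but add noise to the diff and should be dropped.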
Review Comment:
I did try it in my repo with this approach, but I am having trouble
generating the `VULNERABILITY.md` file that will contain the results. I
implemented it as:
```
- name: Scan for vulnerabilities
  id: osv_scan
  uses: docker://ghcr.io/google/osv-scanner:latest
  with:
    args: --format markdown -r .
  continue-on-error: true
```
- I cannot place `grep -vE '^Scanned.*packages$' > VULNERABILITY.md` in
`args`
- I tried with `${{ steps.osv_scan.outputs.stdout }}` and `${{
steps.osv_scan.outputs.result }}` in another step, but it did not work
- if we use a 3rd-party action related to artifacts, it will just make it
more complex
- if we use `outputs:` to define the output of the osv-scanner job, then we
will need to create another job to use that output
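One way to get the pipe and redirect that `args:` cannot express, as an added example and not code from the PR or from the commenter: replace the `uses: docker://` step with a `run:` step that invokes `docker run` itself, so the job's shell owns the `grep` filter and the `> VULNERABILITY.md` redirect. It assumes the image's entrypoint is the scanner binary (the `uses: docker://` form above already relies on that), that `$GITHUB_WORKSPACE` holds the checkout, and it keeps the page's `:latest` tag only for illustration; a real workflow should pin a release tag or digest. The `grep` pattern and output file name are the ones from the comment above.

```yaml
# Added example (not from the PR): run the scanner with `docker run` from a
# `run:` step so shell pipes and redirects are available.
# Assumptions: the image entrypoint is osv-scanner; the checkout lives in
# $GITHUB_WORKSPACE; `:latest` is a placeholder for a pinned tag or digest.
- name: Scan for vulnerabilities
  id: osv_scan
  shell: bash
  # osv-scanner exits non-zero when it finds vulnerabilities, and `grep -v`
  # exits 1 when no line survives the filter; under the runner's default
  # `bash -eo pipefail` either would fail the step, so keep continue-on-error
  # to let the later steps still see the report.
  continue-on-error: true
  run: |
    docker run --rm \
      -v "$GITHUB_WORKSPACE:/src" -w /src \
      ghcr.io/google/osv-scanner:latest --format markdown -r . \
      | grep -vE '^Scanned.*packages$' > VULNERABILITY.md

- name: Show report
  # Runs even when the scan step was marked failed-but-continued above.
  if: always()
  run: cat VULNERABILITY.md
```

The mount is read-write by default; adding `:ro` to the `-v` flag keeps the scanner from touching the checkout. Because the step's exit status is preserved rather than masked with `|| true`, the run still shows the scan as failed-then-continued, which is easier to spot than a silently empty `VULNERABILITY.md`.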
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]