feat(security): parse JSON scan results into markdown table
Keep JSON output for New Relic integration while adding JQ-based parsing to generate readable table format for PR comments
bilals12 committed Dec 11, 2024
1 parent 2a4ab9a commit f821a59
Showing 1 changed file with 10 additions and 10 deletions.
20 changes: 10 additions & 10 deletions container-scan/action.yaml
Expand Up @@ -76,9 +76,7 @@ runs:
IMAGE_NAME: ${{ env.IMAGE_NAME }}
IMAGE_TAG: ${{ inputs.image-tag }}
SAVE_RESULTS_IN_LACEWORK: true
PRETTY_OUTPUT: true
RESULTS_IN_GITHUB_SUMMARY: true
ADDITIONAL_PARAMETERS: "--save-results=true"
ADDITIONAL_PARAMETERS: "-j"

- name: Check Lacework Scan Results File
run: |
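Review bot: `ADDITIONAL_PARAMETERS: "-j"` is an unexplained short flag that the "Format Results for PR" step now silently depends on, since that step runs jq over results.stdout. Add a YAML comment on this line stating that it selects JSON output and that both the PR formatting step and the New Relic integration rely on it, or use a long-form option if the scanner offers one. The line also takes the place of `--save-results=true`, so please confirm that `SAVE_RESULTS_IN_LACEWORK: true` on its own still saves the results. If `PRETTY_OUTPUT` and `RESULTS_IN_GITHUB_SUMMARY` are dropped here, as the 9-to-7 line count in the hunk header suggests, the job summary no longer carries the scan output, and that behaviour change belongs in the commit message.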
Expand All @@ -92,13 +90,15 @@ runs:

- name: Format Results for PR
run: |
echo "## Lacework Inline Scanner Results" > pr-results.md
echo "<details><summary>Click to expand</summary>" >> pr-results.md
echo "<pre>" >> pr-results.md
cat results.stdout >> pr-results.md
echo "</pre>" >> pr-results.md
echo "</details>" >> pr-results.md
shell: bash
echo "## Container Security Scan Results" > pr-results.md
echo "### Vulnerability Summary" >> pr-results.md
echo "| Severity | Count | Fixable | Exceptions |" >> pr-results.md
echo "|----------|--------|----------|------------|" >> pr-results.md
jq -r '.cve | "| Critical | \(.critical_vulnerabilities) | \(.fixable_vulnerabilities) | 0 |"' results.stdout >> pr-results.md
jq -r '.cve | "| High | \(.high_vulnerabilities) | \(.fixable_vulnerabilities) | 0 |"' results.stdout >> pr-results.md
jq -r '.cve | "| Medium | \(.medium_vulnerabilities) | \(.fixable_vulnerabilities) | 0 |"' results.stdout >> pr-results.md
jq -r '.cve | "| Low | \(.low_vulnerabilities) | \(.fixable_vulnerabilities) | 0 |"' results.stdout >> pr-results.md
jq -r '.cve | "| Info | \(.info_vulnerabilities) | \(.fixable_vulnerabilities) | 0 |"' results.stdout >> pr-results.md
- name: Check for Previous Report Comment
id: find-comment
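Review bot: The rewritten "Format Results for PR" step ends at the last jq line with no `shell:` key after it; the only `shell: bash` visible sits directly after the old echo/cat lines, and the 10-additions/10-deletions count implies it was removed with them. A `run:` step under `runs:` in an action.yaml needs an explicit shell, so `shell: bash` should be restored after the final jq command. Separately, all five rows interpolate the same `.cve.fixable_vulnerabilities`, so the Fixable column repeats one overall total on every severity row and reads as if it were a per-severity count, and the Exceptions column is a hard-coded `0`. Either use per-severity fixable fields if the JSON provides them or move the total to a single line under the table, and drop the Exceptions column until it has a real source. The five jq invocations could also be one filter that emits all rows, which makes a malformed results.stdout fail once instead of leaving a half-written table.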