From f821a59def94ea7add6727bfa21c91ccf2d30050 Mon Sep 17 00:00:00 2001
From: bilals12
Date: Wed, 11 Dec 2024 10:23:14 -0500
Subject: [PATCH] feat(security): parse JSON scan results into markdown table

Keep JSON output for New Relic integration while adding JQ-based parsing to generate readable table format for PR comments
---
 container-scan/action.yaml | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/container-scan/action.yaml b/container-scan/action.yaml
index f624a1f..e68fb58 100644
--- a/container-scan/action.yaml
+++ b/container-scan/action.yaml
@@ -76,9 +76,7 @@ runs:
         IMAGE_NAME: ${{ env.IMAGE_NAME }}
         IMAGE_TAG: ${{ inputs.image-tag }}
         SAVE_RESULTS_IN_LACEWORK: true
-        PRETTY_OUTPUT: true
-        RESULTS_IN_GITHUB_SUMMARY: true
-        ADDITIONAL_PARAMETERS: "--save-results=true"
+        ADDITIONAL_PARAMETERS: "-j"
 
     - name: Check Lacework Scan Results File
       run: |
@@ -92,13 +90,15 @@ runs:
 
     - name: Format Results for PR
       run: |
-        echo "## Lacework Inline Scanner Results" > pr-results.md
-        echo "
Click to expand" >> pr-results.md
-        echo "
" >> pr-results.md
-        cat results.stdout >> pr-results.md
-        echo "
" >> pr-results.md
-        echo "
" >> pr-results.md
-        shell: bash
+        echo "## Container Security Scan Results" > pr-results.md
+        echo "### Vulnerability Summary" >> pr-results.md
+        echo "| Severity | Count | Fixable | Exceptions |" >> pr-results.md
+        echo "|----------|--------|----------|------------|" >> pr-results.md
+        jq -r '.cve | "| Critical | \(.critical_vulnerabilities) | \(.fixable_vulnerabilities) | 0 |"' results.stdout >> pr-results.md
+        jq -r '.cve | "| High | \(.high_vulnerabilities) | \(.fixable_vulnerabilities) | 0 |"' results.stdout >> pr-results.md
+        jq -r '.cve | "| Medium | \(.medium_vulnerabilities) | \(.fixable_vulnerabilities) | 0 |"' results.stdout >> pr-results.md
+        jq -r '.cve | "| Low | \(.low_vulnerabilities) | \(.fixable_vulnerabilities) | 0 |"' results.stdout >> pr-results.md
+        jq -r '.cve | "| Info | \(.info_vulnerabilities) | \(.fixable_vulnerabilities) | 0 |"' results.stdout >> pr-results.md
 
     - name: Check for Previous Report Comment
       id: find-comment
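Review bot: The `shell: bash` line of the `Format Results for PR` step is deleted and nothing on the new side replaces it, so as far as this hunk shows the step now has a `run:` block with no `shell:`, which a composite action rejects when the action is loaded; re-add `shell: bash` directly after the `run:` block. The table is also misleading: every severity row prints the same `.cve.fixable_vulnerabilities` value and a hard-coded `0` for Exceptions, so a reader sees five identical "Fixable" figures that are not per-severity counts and an "Exceptions" number the script never computes. Since all five rows parse the same file, one `jq` program can emit the whole table, the two columns the data does not support can be dropped, and the fixable figure printed once below it; it is also worth a comment that `jq` exits non-zero (failing the step under `bash -e`) if `results.stdout` carries anything besides the JSON document, such as a scanner banner or log line.
```yaml
        echo "## Container Security Scan Results" > pr-results.md
        echo "### Vulnerability Summary" >> pr-results.md
        echo "| Severity | Count |" >> pr-results.md
        echo "|----------|-------|" >> pr-results.md
        # Single pass over the scanner JSON. jq exits non-zero (and the step fails
        # under bash -e) if results.stdout holds anything other than the JSON document.
        jq -r '.cve as $c
          | [["Critical", $c.critical_vulnerabilities],
             ["High",     $c.high_vulnerabilities],
             ["Medium",   $c.medium_vulnerabilities],
             ["Low",      $c.low_vulnerabilities],
             ["Info",     $c.info_vulnerabilities]][]
          | "| \(.[0]) | \(.[1]) |"' results.stdout >> pr-results.md
        echo "" >> pr-results.md
        # .cve.fixable_vulnerabilities is a single value, not a per-severity count,
        # so report it once rather than repeating it on every row.
        jq -r '"Fixable vulnerabilities: \(.cve.fixable_vulnerabilities)"' results.stdout >> pr-results.md
      shell: bash
```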