fix yaml

RyosukeDTomita · Dec 16, 2023 · f170cb2 · f170cb2
1 parent d928a09
commit f170cb2
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 3 deletions.
diff --git a/.github/workflows/react-dependency-check.yaml b/.github/workflows/react-dependency-check.yaml
@@ -16,13 +16,17 @@ jobs:
           uses: actions/checkout@v3
 
         - name: use trivy
-          uses: aquasecurity/trivy-action@v0.2.0
+          uses: aquasecurity/trivy-action@v0.16.0
           with:
             scan-type: 'fs'
             exit-code: 1
             scanners: 'vuln'
             vuln-type: 'library'
             hide-progress: true
             format: table
-            output: 'sca-report.txt'
+            output: 'sca-report.sarif'
             severity: CRITICAL,HIGH
+        - name: upload result
+          uses: github/codeql-action/upload-sarif@v2
+          with:
+            sarif_file: 'sca-report.sarif'
diff --git a/.github/workflows/react-semgrep.yaml b/.github/workflows/react-semgrep.yaml
@@ -1,5 +1,6 @@
 name: Semgrep Full Scan
-
+# sarifファイルをアップロードするために事前にgithubのリソースに対するアクセス権を与える必用がある。
+#リポジトリの設定から --> Code and automation --> Actions --> GeneralのWorkflow permissionsをRead and write permissionsに[参考画像](../../doc/fig/semgrep_upgrade_grant.png)
 on:
   push:
   schedule:

diff --git a/doc/fig/semgrep_upgrade_grant.png b/doc/fig/semgrep_upgrade_grant.png