feat: Build a full SARIF report even if under accepted severity level. (

#73) Signed-off-by: Simar <[email protected]>
aquasecurity · Oct 27, 2021 · 1ccef26 · 1ccef26
1 parent d62898d
commit 1ccef26
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -111,3 +111,14 @@ fi
 echo "Running trivy with options: ${ARGS}" "${artifactRef}"
 echo "Global options: " "${GLOBAL_ARGS}"
 trivy $GLOBAL_ARGS ${scanType} $ARGS ${artifactRef}
+returnCode=$?
+
+# SARIF is special. We output all vulnerabilities,
+# regardless of severity level specified in this report.
+# This is a feature, not a bug :)
+if [[ ${template} == *"sarif"* ]]; then
+  echo "Building SARIF report"
+  trivy --quiet ${scanType} --format template --template ${template} --output ${output} ${artifactRef}
+fi
+
+exit $returnCode