[CONFIG] [Gihub Actions] Snyk Container analysis: enable sarif output

Gonzalo Diaz · Gonzalo Diaz · commit 45478b39f76f · 2024-07-09T19:44:55.000-04:00
diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
@@ -141,7 +141,17 @@ jobs:
         with:
           image: ${{ env.IMAGE_NAME }}:${{ github.sha }}
           args: --file=Dockerfile
-
+      # yamllint disable rule:line-length
+      # https://github.com/github/codeql-action/issues/2187#issuecomment-2043220400
+      - name: Replace security-severity undefined for license-related findings
+        run: |
+          sed -i 's/"security-severity": "undefined"/"security-severity": "0"/g' snyk.sarif
+          sed -i 's/"security-severity": "null"/"security-severity": "0"/g' snyk.sarif
+      # yamllint enable rule:line-length
+      - name: Upload result to GitHub Code Scanning
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: 'snyk.sarif'
   scan:
     name: "Trivy"
     runs-on: ubuntu-latest
