From 971d8384dfbf3bae843d469e2ad4065b9e6af729 Mon Sep 17 00:00:00 2001
From: stevensrtw <50691414+stevensrtw@users.noreply.github.com>
Date: Mon, 23 Sep 2024 15:42:34 -0400
Subject: [PATCH] Update main.yml

---
 .github/workflows/main.yml | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 4ea7c51..fbc47b2 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -86,9 +86,21 @@ jobs:
 echo "Exploded $jarfile into $exploded_dir"
 done
+
 - name: Scan a specific path with Trivy
 uses: aquasecurity/trivy-action@master
 with:
- scan-type: 'fs'
- path: '/home/runner/work/OHDSI-ArachneCommons/OHDSI-ArachneCommons/target' # Replace with the actual path you want to scan
- severity: 'CRITICAL,HIGH'
+ scan-type: 'fs' # Filesystem scan
+ path: '/home/runner/work/OHDSI-ArachneCommons/OHDSI-ArachneCommons/target'
+ format: 'json' # Output in JSON format
+ output: '/home/runner/work/OHDSI-ArachneCommons/OHDSI-ArachneCommons/trivy-results.json' # Save results to trivy-results.json file
+
+ - name: Covert Trivy to CSV
+ run: |
+ jq -r '.Results[] | select(.Vulnerabilities != null) | .Vulnerabilities[] | [.SeveritySource, .VulnerabilityID, .PkgName, .PkgPath, .InstalledVersion, .FixedVersion, .Status, .Severity] | @csv' /home/runner/work/OHDSI-ArachneCommons/OHDSI-ArachneCommons/trivy-results.json > OHDSI-ArachneCommons.csv
+ - name: Upload Reports
+ uses: actions/upload-artifact@v4
+ with:
+ name: trivy-reports
+ path: |
+ OHDSI-ArachneCommons.csv
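Review bot: The rewritten Trivy step drops the `severity: 'CRITICAL,HIGH'` filter and sets no `exit-code`, so the scan is now report-only and a build with critical findings still passes; if that is the intent, record it with a comment on the step, otherwise add `exit-code: '1'` together with a `severity` list so the job fails on actionable findings. The hard-coded `/home/runner/work/OHDSI-ArachneCommons/OHDSI-ArachneCommons/...` prefixes in `path`, `output` and the jq command would be more robust as `${{ github.workspace }}/target` and `${{ github.workspace }}/trivy-results.json`, surviving a repository rename or a different runner layout. The new step name `Covert Trivy to CSV` has a typo (`Convert`), and the jq filter errors out when the report has no `Results` key at all; `.Results[]?` keeps an empty scan from failing the step. The `aquasecurity/trivy-action@master` reference is pre-existing context rather than part of this change, but pinning it to a tagged release or commit SHA would close an unpinned-dependency gap in the workflow.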