feat: Build a full SARIF report even if under accepted severity level. (#73 )

Signed-off-by: Simar <simar@linux.com>
2021-10-26 17:45:53 -07:00
1 changed files with 11 additions and 0 deletions
@@ -111,3 +111,14 @@ fi
 echo "Running trivy with options: ${ARGS}" "${artifactRef}"
 echo "Global options: " "${GLOBAL_ARGS}"
 trivy $GLOBAL_ARGS ${scanType} $ARGS ${artifactRef}
+returnCode=$?
+
+# SARIF is special. We output all vulnerabilities,
+# regardless of severity level specified in this report.
+# This is a feature, not a bug :)
+if [[ ${template} == *"sarif"* ]]; then
+  echo "Building SARIF report"
+  trivy --quiet ${scanType} --format template --template ${template} --output ${output} ${artifactRef}
+fi
+
+exit $returnCode