update trivy-analysis.yml

cisagov · Sep 13, 2024 · 6a02d2a · 6a02d2a
1 parent b4ce800
commit 6a02d2a
Showing 1 changed file with 9 additions and 9 deletions.
diff --git a/.github/workflows/trivy-analysis.yml b/.github/workflows/trivy-analysis.yml
@@ -17,7 +17,7 @@ jobs:
         with:
           format: "sarif"
           output: "trivy-dotnet-results.sarif"
-          scan-type: "repo"
+          scan-type: "fs"
           scan-ref: "./CSETWebApi"
           severity: "CRITICAL,HIGH"
 
@@ -37,14 +37,14 @@ jobs:
       - name: Run vulnerability scanner
         uses: aquasecurity/[email protected]
         with:
-          #   format: "sarif"
-          #   output: "trivy-nodejs-results.sarif"
-          scan-type: "repo"
+          format: "sarif"
+          output: "trivy-nodejs-results.sarif"
+          scan-type: "fs"
           scan-ref: "./CSETWebNg"
           severity: "CRITICAL,HIGH"
 
-    #   - name: Upload scan results to Security tab
-    #     uses: github/codeql-action/upload-sarif@v3
-    #     with:
-    #       category: "Node.js"
-    #       sarif_file: "trivy-nodejs-results.sarif"
+      - name: Upload scan results to Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          category: "Node.js"
+          sarif_file: "trivy-nodejs-results.sarif"