From 0ca10be0b10e74993e05edc1bbf25972a267b4cc Mon Sep 17 00:00:00 2001
From: Avgustin Marinov
Date: Thu, 9 Jan 2025 15:10:12 +0200
Subject: [PATCH] Add all docker images to trivy scan (#2188)

Signed-off-by: Avgustin Marinov
---
 .github/workflows/trivy-scan.yml | 25 +++++++++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/trivy-scan.yml b/.github/workflows/trivy-scan.yml
index cb3f74372..b3a2ef05c 100644
--- a/.github/workflows/trivy-scan.yml
+++ b/.github/workflows/trivy-scan.yml
@@ -13,7 +13,7 @@ jobs:
 permissions:
 contents: read
- packages: read
+ # needed for trivy scans upload
 security-events: write
 steps:
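Review bot: The added comment `# needed for trivy scans upload` does not say which step consumes `security-events: write`, and the removal of `packages: read` on the line above it is not explained in the hunk or in the commit message. Something like `# security-events: write lets github/codeql-action/upload-sarif publish the Trivy SARIF results to code scanning` would tie the job's only write scope to its consumer. Dropping `packages: read` narrows the token, which is the right direction; the SARIF paths in the next hunk suggest image names without a `ghcr.io` prefix, so the scope looks unnecessary, but the image pull itself is outside the diff and worth confirming. The job's step list begins at the end of this hunk and continues outside it.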
@@ -57,8 +57,29 @@ jobs:
 ./trivy image "${IMAGE}" --ignore-unfixed --ignorefile .github/workflows/.trivyignore --severity HIGH,CRITICAL --vuln-type library --output "scans/eclipse-hawkbit/$IMAGE.sarif" --format sarif
 done
+ - name: Upload Docker image scan results to GitHub Security tab hawkbit-ddi-server
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: 'scans/eclipse-hawkbit/hawkbit/hawkbit-ddi-server:latest.sarif'
+ category: "Container Images (hawkbit-ddi-server)"
+ - name: Upload Docker image scan results to GitHub Security tab hawkbit-dmf-server
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: 'scans/eclipse-hawkbit/hawkbit/hawkbit-dmf-server:latest.sarif'
+ category: "Container Images (hawkbit-dmf-server)"
+ - name: Upload Docker image scan results to GitHub Security tab hawkbit-mgmt-server
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: 'scans/eclipse-hawkbit/hawkbit/hawkbit-mgmt-server:latest.sarif'
+ category: "Container Images (hawkbit-mgmt-server)"
+ - name: Upload Docker image scan results to GitHub Security tab hawkbit-simple-ui
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: 'scans/eclipse-hawkbit/hawkbit/hawkbit-simple-ui:latest.sarif'
+ category: "Container Images (hawkbit-simple-ui)"
+
 - name: Upload Docker image scan results to GitHub Security tab
 uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: 'scans/eclipse-hawkbit/hawkbit/hawkbit-update-server:latest.sarif'
- category: "Container Images"
\ No newline at end of file
+ category: "Container Images (hawkbit-update-server)"
\ No newline at end of file
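Review bot: None of the upload steps carries an `if:` condition, so each one runs only when every earlier step succeeded: with GitHub Actions' default step behaviour, an error while scanning one image in the loop above, or one SARIF file that was not produced, leaves the later images with no results in the Security tab for that run. Adding `if: ${{ !cancelled() }}` to each `upload-sarif` step would still publish the reports that exist while the job stays failed. The four added steps also reference `github/codeql-action/upload-sarif@v3` by a movable tag inside a job that holds `security-events: write`; pinning the action to a full commit SHA, with the tag kept in a trailing comment, fixes which code receives that token. The scan loop's header and its image list are outside this hunk.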