From 6145432177f56dd314f2a3a8d4ef9f8f04cbc5d7 Mon Sep 17 00:00:00 2001 From: Henry McConville Date: Tue, 30 Apr 2024 11:28:32 +0100 Subject: [PATCH 1/3] Add trivy workflow permissions --- .github/workflows/container-scan.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/container-scan.yml b/.github/workflows/container-scan.yml index 022586a..f0e3b56 100644 --- a/.github/workflows/container-scan.yml +++ b/.github/workflows/container-scan.yml @@ -8,6 +8,11 @@ jobs: container-scan: name: Container Scan runs-on: ubuntu-latest + permissions: + security-events: write + actions: read + contents: read + steps: - name: Checkout code uses: actions/checkout@v4 From 53f06efa7b3da8066529258090637e190ac8cc11 Mon Sep 17 00:00:00 2001 From: Henry McConville Date: Tue, 30 Apr 2024 11:38:28 +0100 Subject: [PATCH 2/3] testing --- .github/workflows/container-scan.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/container-scan.yml b/.github/workflows/container-scan.yml index f0e3b56..a80dedd 100644 --- a/.github/workflows/container-scan.yml +++ b/.github/workflows/container-scan.yml @@ -25,11 +25,12 @@ jobs: - name: Run Trivy uses: aquasecurity/trivy-action@master with: + scan-type: image image-ref: 'githubexporter/github-exporter:${{ steps.get-current-version.outputs.version }}' - format: 'sarif' - output: 'trivy-results.sarif' +# format: 'sarif' +# output: 'trivy-results.sarif' - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: 'trivy-results.sarif' From 8f6f9fab6f2c8bb025e7eabf980d53cd57916335 Mon Sep 17 00:00:00 2001 From: Henry McConville Date: Tue, 30 Apr 2024 11:41:40 +0100 Subject: [PATCH 3/3] restore sarif --- .github/workflows/container-scan.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
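Review bot: The new job-level `permissions` block in the first hunk gives no rationale for its three scopes, so a later edit can widen it without knowing what each grant supports; a comment above the block would keep the least-privilege intent explicit, e.g. `# security-events: write is what upload-sarif needs; contents: read is for checkout; actions: read is documented by upload-sarif as required on private repositories`. Once a job declares `permissions`, every scope not listed is dropped from that job's GITHUB_TOKEN, which is the intended restriction here and worth stating so nobody "fixes" it back to the workflow default. The added empty `+` line before `steps:` is a blank line inside the job mapping; it is harmless but a style nit worth dropping if the rest of the job does not space its keys.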
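Review bot: The scan step in the second hunk still runs `aquasecurity/trivy-action@master`, a mutable branch ref, inside a job whose token now carries `security-events: write`; pinning it to a release tag or, better, a full commit SHA (`uses: aquasecurity/trivy-action@<release-tag-or-commit-sha>`) is the usual fix so a change on the upstream branch cannot silently alter what executes with that token. `scan-type: image` is documented as the action's default, so the added line records intent rather than changing behaviour; a short inline comment saying so would save the next reader a lookup. Commenting out `format` and `output` with `#` at column zero also leaves the following upload step pointing at a SARIF file this commit no longer produces, which the third patch in the series restores.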
diff --git a/.github/workflows/container-scan.yml b/.github/workflows/container-scan.yml index a80dedd..3d0698c 100644 --- a/.github/workflows/container-scan.yml +++ b/.github/workflows/container-scan.yml @@ -27,8 +27,8 @@ jobs: with: scan-type: image image-ref: 'githubexporter/github-exporter:${{ steps.get-current-version.outputs.version }}' -# format: 'sarif' -# output: 'trivy-results.sarif' + format: 'sarif' + output: 'trivy-results.sarif' - name: Upload Trivy scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v3