Merge pull request #7021 from Checkmarx/feature/kicsbot-update-querie…

…s-docs

docs(queries): update queries catalog

.github/workflows/sec-checks.yaml

@@ -16,20 +16,20 @@ jobs:
         with:
           scan-type: 'fs'
           ignore-unfixed: true
-          format: 'json'
-          output: './results.json'
+          format: 'table'
+          output: './results.txt'
           severity: 'CRITICAL,HIGH,MEDIUM,LOW'
           exit-code: '1'
         # trivy-config: trivy.yaml
       - name: Inspect action report
         if: always()
-        run: cat ./results.json
+        run: cat ./results.txt
       - name: Upload artifact
         if: always()
         uses: actions/upload-artifact@v4
         with:
           name: trivy-fs-scan-results
-          path: ./results.json
+          path: ./results.txt
   trivy-docker-image:
     name: Trivy docker image scan
     runs-on: ubuntu-latest
@@ -63,21 +63,21 @@ jobs:
           image-ref: kics:sec-trivy-tests-${{ github.sha }}
           ignore-unfixed: true
           vuln-type: 'os,library'
-          format: 'json'
-          output: './results.json'
+          format: 'table'
+          output: './results.txt'
           severity: 'CRITICAL,HIGH,MEDIUM,LOW'
           ignore-policy: './trivy-ignore.rego'
         # trivy-config: trivy.image.yaml
           exit-code: '1'
       - name: Inspect action report
         if: always()
-        run: cat ./results.json
+        run: cat ./results.txt
       - name: Upload artifact
         if: always()
         uses: actions/upload-artifact@v4
         with:
           name: trivy-docker-image-scan-results
-          path: ./results.json
+          path: ./results.txt
   grype-file-system:
     name: Grype fs scan
     runs-on: ubuntu-latest
@@ -90,18 +90,9 @@ jobs:
         with:
           path: "."
           only-fixed: true
-          output-format: json
+          output-format: table
           severity-cutoff: low
           fail-build: true
-      - name: Inspect action report
-        if: always()
-        run: cat ${{ steps.grype-fs-scan.outputs.json }}
-      - name: Upload artifact
-        if: always()
-        uses: actions/upload-artifact@v4
-        with:
-          name: grype-fs-scan-results
-          path: ${{ steps.grype-fs-scan.outputs.json }}
   grype-docker-image:
     name: Grype docker image scan
     runs-on: ubuntu-latest
@@ -138,17 +129,8 @@ jobs:
           image: kics:sec-tests-${{ github.sha }}
           only-fixed: true
           severity-cutoff: low
-          output-format: json
+          output-format: table
           fail-build: true
-      - name: upload artifact
-        if: always()
-        uses: actions/upload-artifact@v4
-        with:
-          name: grype-docker-image-scan-results
-          path: ${{ steps.grype-image-scan.outputs.json }}
-      - name: Inspect action report
-        if: always()
-        run: cat ${{ steps.grype-image-scan.outputs.json }}
   govulncheck-file-system:
     runs-on: ubuntu-latest
     name: govulncheck fs scan

.grype.yaml

@@ -1,4 +1,5 @@
 ignore:
+  - vulnerability: GHSA-4v7x-pqxf-cx7m # False Positive
   - package:
       name: anchore/scan-action
   - package:

docs/queries/cicd-queries/555ab8f9-2001-455e-a077-f2d0f41e2fb9.md

@@ -83,4 +83,19 @@ jobs:
       with:
         persist-credentials: false
 
-```
+```
+```yaml title="Negative test num. 3 - yaml file"
+name: test-negative3
+on:
+  pull_request:
+    types: [opened, synchronize, edited, reopened]
+    branches:
+      - master
+jobs:
+  test-negative3:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Local action
+      uses: ./test.yml
+
+```