fix(ci): fix security scans

WeblateOrg · Jan 20, 2025 · fa07114 · fa07114
1 parent 6f20f4e
commit fa07114
Showing 1 changed file with 7 additions and 4 deletions.
diff --git a/.github/workflows/dockerimage.yml b/.github/workflows/dockerimage.yml
@@ -90,6 +90,8 @@ jobs:
     runs-on: ubuntu-24.04
     name: Anchore Container Scan, ${{ matrix.architecture }}
     needs: [build]
+    permissions:
+      security-events: write
     strategy:
       matrix:
         architecture: [linux/amd64]
@@ -113,19 +115,18 @@ jobs:
       uses: actions/checkout@v4
     - name: Anchore scan action
       uses: anchore/scan-action@v6
+      id: scan
       with:
         image: weblate/locale_lint:test
         fail-build: false
-        acs-report-enable: true
-        severity-cutoff: high
     - name: Upload Anchore Scan Report
       uses: github/codeql-action/upload-sarif@v3
       with:
-        sarif_file: results.sarif
+        sarif_file: ${{ steps.scan.outputs.sarif }}
     - uses: actions/upload-artifact@v4
       with:
         name: Anchore scan SARIF
-        path: results.sarif
+        path: ${{ steps.scan.outputs.sarif }}
 
   trivy:
     runs-on: ubuntu-24.04
@@ -136,6 +137,8 @@ jobs:
         architecture: [linux/amd64]
     env:
       MATRIX_ARCHITECTURE: ${{ matrix.architecture }}
+    permissions:
+      security-events: write
     steps:
     - uses: actions/checkout@v4
     - name: Set up Docker Buildx