From fa07114a0d9d7b608dbe908ad2d03a5a972c9317 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C4=8Ciha=C5=99?=
Date: Mon, 20 Jan 2025 10:55:00 +0100
Subject: [PATCH] fix(ci): fix security scans
---
 .github/workflows/dockerimage.yml | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/dockerimage.yml b/.github/workflows/dockerimage.yml
index b7422ff..1eddd17 100644
--- a/.github/workflows/dockerimage.yml
+++ b/.github/workflows/dockerimage.yml
@@ -90,6 +90,8 @@ jobs:
 runs-on: ubuntu-24.04
 name: Anchore Container Scan, ${{ matrix.architecture }}
 needs: [build]
+ permissions:
+ security-events: write
 strategy:
 matrix:
 architecture: [linux/amd64]
@@ -113,19 +115,18 @@ jobs:
 uses: actions/checkout@v4
 - name: Anchore scan action
 uses: anchore/scan-action@v6
+ id: scan
 with:
 image: weblate/locale_lint:test
 fail-build: false
- acs-report-enable: true
- severity-cutoff: high
 - name: Upload Anchore Scan Report
 uses: github/codeql-action/upload-sarif@v3
 with:
- sarif_file: results.sarif
+ sarif_file: ${{ steps.scan.outputs.sarif }}
 - uses: actions/upload-artifact@v4
 with:
 name: Anchore scan SARIF
- path: results.sarif
+ path: ${{ steps.scan.outputs.sarif }}
 trivy:
 runs-on: ubuntu-24.04
@@ -136,6 +137,8 @@ jobs:
 architecture: [linux/amd64]
 env:
 MATRIX_ARCHITECTURE: ${{ matrix.architecture }}
+ permissions:
+ security-events: write
 steps:
 - uses: actions/checkout@v4
 - name: Set up Docker Buildx
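Review bot: The job-level `permissions:` block added to the Anchore scan job lists only `security-events: write`, and a job-level block sets every scope it does not name to `none`; the same block is added to the `trivy` job in the last hunk. Both jobs run `actions/checkout@v4`, which works without a contents scope on a public repository but needs it on a private one, so I would state the read scope explicitly next to the write scope: `contents: read`. If these jobs also run for pull requests from forks (the workflow triggers are outside the hunk), the token is read-only there regardless of this block and the SARIF upload would be rejected, so the upload step may need a guard. A short comment above the block, such as `# required by github/codeql-action/upload-sarif`, would record why the write scope is there.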
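Review bot: The steps in this job are referenced by mutable tags (`anchore/scan-action@v6`, `github/codeql-action/upload-sarif@v3`, `actions/upload-artifact@v4`), and after this commit they run in a job whose token carries `security-events: write`. Pinning each one to a full commit SHA with the tag kept as a comment, for example `uses: anchore/scan-action@<full-commit-sha>  # v6`, prevents a retagged release from running with that scope. Separately, with `fail-build: false` kept and `severity-cutoff` removed the scan is advisory only, so findings surface solely through the uploaded SARIF; a one-line comment on the step saying that this is intentional would help the next reader. The step list begins before the hunk, so the first `uses: actions/checkout@v4` line belongs to a step whose start is not visible here.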