Added additional step to submit results from IaC to GitHub Actions

Author: Rafael Miranda

.github/workflows/iac_scanner.yml

@@ -22,20 +22,28 @@ jobs:
           wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
           echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -cs) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
           sudo apt-get update && sudo apt-get install -yq trivy
+
   build:
     name: IaC Scan
     runs-on: ubuntu-20.04
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
+
       - name: Run Trivy vulnerability scanner in fs mode
         uses: aquasecurity/trivy-action@master
         with:
           scan-type: "fs"
           scanners: "misconfig"
           scan-ref: "."
           hide-progress: false
-          format: "table"
+          format: "sarif"
           ignore-unfixed: true
-          # severity: "HIGH,CRITICAL,MEDIUM"
-          # exit-code: 1
+          output: "trivy-results.sarif"
+          severity: "HIGH,CRITICAL,MEDIUM"
+
+      - name: Upload Trivy results to GitHub Actions
+        uses: github/codeql-action/upload-sarif@v3
+        if: always()
+        with:
+          sarif_file: "trivy-results.sarif"