From 118e3234b938b9e3196e1e4a73117e2f21ba5601 Mon Sep 17 00:00:00 2001
From: Robert Waffen
Date: Fri, 19 Apr 2024 11:48:48 +0200
Subject: [PATCH] try to differentiate sraif files to make trivy work again
---
 .github/workflows/ci.yaml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 4990885..af141e2 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -57,14 +57,13 @@ jobs:
 with:
 image-ref: 'ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }}'
 format: 'sarif'
- output: 'trivy-results.sarif'
+ output: 'trivy-results-${{ matrix.rubygem_puppet }}.sarif'
 severity: 'CRITICAL,HIGH'
 - name: Upload Trivy scan results to GitHub Security tab
 uses: github/codeql-action/upload-sarif@v3
 with:
- sarif_file: 'trivy-results.sarif'
- matrix: ${{ toJson(matrix) }}
+ sarif_file: 'trivy-results-${{ matrix.rubygem_puppet }}.sarif'
 # - name: Run Trivy in GitHub SBOM mode and submit results to Dependency Graph
 # uses: aquasecurity/trivy-action@master
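Review bot: The upload step now tells the matrix legs apart only by SARIF file name, and with the explicit `matrix:` input removed nothing in the `with:` block of `upload-sarif` states which leg a report belongs to. Code scanning groups uploads by tool and category rather than by file name, so if the action's defaults do not already separate the legs, one Puppet version's findings could replace another's for the same commit. Setting the category explicitly, `category: 'trivy-${{ matrix.rubygem_puppet }}'`, would make the separation visible in the workflow. Separately, `upload-sarif@v3` in the context lines is a movable tag; pinning it to a full commit SHA is the usual hardening for a step that writes security results. The scan step's `uses:` line sits above the hunk, so its pinning cannot be checked from here.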