You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Considering the output that trivy comes up for container image scans, which doesn't reference to any file nor location that reviewdog sees... I suppose that might be why there's nothing to reference to and the result is just nothing (even with setting filter mode to nofilter)?
At best, I could add a trivy flag to also output to a file, and have that file be included as a PR comment... But then comes the fact that the file would be in sarif format. Not very useful from a human-readable standpoint. :)
The text was updated successfully, but these errors were encountered:
@Darwiner I think reviewdog on image scanning is not suitable for GitHub PR. As you said, in GitHub PR, we (and the reviewer) can not comment on other than changed lines. So, we can add comments without any changed lines, but they don't need to be reviewed.
Has anyone been able to get any useful output from combining trivy + reviewdog for container image scanning?
I would have hoped to keep using https://github.com/reviewdog/action-trivy for both
fs
scans (which works great) as much asimage
scans (and not have to also use https://github.com/reviewdog/action-trivy forimage
scans), but I'm not finding any method to get any useful output in any way.Considering the output that trivy comes up for container image scans, which doesn't reference to any file nor location that reviewdog sees... I suppose that might be why there's nothing to reference to and the result is just nothing (even with setting filter mode to
nofilter
)?At best, I could add a trivy flag to also output to a file, and have that file be included as a PR comment... But then comes the fact that the file would be in sarif format. Not very useful from a human-readable standpoint. :)
The text was updated successfully, but these errors were encountered: