patrick/vuln-summary
1
0
Fork 0
mirror of https://github.com/patrickbeane/vuln-summary.git synced 2026-03-28 09:45:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore: refresh vuln summary (README + JSON)

Browse Source
This commit is contained in:
patrickbeane
2025-10-04 14:00:51 -04:00
parent 443d113ce1
commit 400f73603c
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
.github/workflows/update-vuln-summary.yml vendored
View File

@@ -8,9 +8,13 @@ on:
jobs: jobs:
update-summary: update-summary:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
contents: write # allow pushing back to the repo
steps: steps:
- name: Checkout repo - name: Checkout repo
uses: actions/checkout@v4 uses: actions/checkout@v4
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Fetch sanitized JSON - name: Fetch sanitized JSON
run: | run: |
@@ -20,13 +24,11 @@ jobs:
- name: Extract last scan JSON - name: Extract last scan JSON
run: | run: |
# Save the structured last_scan block for machine readability
jq '.last_scan' trivy_sanitized.json > latest.json jq '.last_scan' trivy_sanitized.json > latest.json
cat latest.json cat latest.json
- name: Build summary string - name: Build summary string
run: | run: |
# Pull fields out for a one-liner summary
summary=$(jq -r '.last_scan | "Last scan: \(.date) — Critical: \(.critical) | High: \(.high) | Medium: \(.medium) | Low: \(.low) | Total: \(.total)"' trivy_sanitized.json) summary=$(jq -r '.last_scan | "Last scan: \(.date) — Critical: \(.critical) | High: \(.high) | Medium: \(.medium) | Low: \(.low) | Total: \(.total)"' trivy_sanitized.json)
echo "SUMMARY=$summary" >> $GITHUB_ENV echo "SUMMARY=$summary" >> $GITHUB_ENV