test: Make the GoSec scanning more robust.

northwood-labs · Dec 20, 2023 · e5a810a · e5a810a
1 parent 1c2bc3c
commit e5a810a
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/.github/workflows/gosec.yml b/.github/workflows/gosec.yml
@@ -31,4 +31,10 @@ jobs:
       - name: Run Gosec Security Scanner
         uses: securego/gosec@55d79496019a560e16e73e1948dee20a1fad631a # v2.18.2
         with:
-          args: ./...
+          args: -fmt sarif -out results.sarif ./...
+
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          # Path to SARIF file relative to the root of the repository
+          sarif_file: results.sarif