From d2f10423fb0d3c0d249c1793d583e8a9c2f2a4e7 Mon Sep 17 00:00:00 2001
From: Matt Bishop
Date: Thu, 8 Aug 2024 13:21:59 -0400
Subject: [PATCH] Add container scanning (#164) * Add container scanning * Use correct image name
---
 .github/workflows/build.yml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 117ac09..47a45e6 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -90,3 +90,16 @@ jobs:
 platforms: linux/amd64
 push: true
 tags: ${{ steps.image-name.outputs.name }}
+
+ - name: Scan Docker image
+ id: container-scan
+ uses: anchore/scan-action@3343887d815d7b07465f6fdcd395bd66508d486a # v3.6.4
+ with:
+ image: ${{ steps.image-name.outputs.name }}
+ fail-build: false
+ output-format: sarif
+
+ - name: Upload Grype results to GitHub
+ uses: github/codeql-action/upload-sarif@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13
+ with:
+ sarif_file: ${{ steps.container-scan.outputs.sarif }}
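Review bot: With `fail-build: false` the scan step can never gate the workflow, and because it runs after the `push: true` step shown in the context lines, the image is already in the registry before Grype reports anything, so findings only ever surface in the Security tab after the fact. If the intent is to keep known-vulnerable images out of the registry, scan the built image before the push step and use `fail-build: true` with a `severity-cutoff: high` (optionally `only-fixed: true`) so that unfixable low-severity noise does not block releases. The `upload-sarif` step also needs the job to hold `security-events: write`; the job's `permissions:` block is outside this hunk, so confirm it grants that, otherwise the upload fails on every run. Consider `if: always()` on the upload step so a scanner error still surfaces whatever SARIF was produced. The enclosing job starts before the hunk.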