3434 output : kubesec-results.sarif
3535 exit-code : " 0"
3636
37+ - name : Validate SARIF file
38+ id : validate
39+ run : |
40+ if [ -f kubesec-results.sarif ] && [ -s kubesec-results.sarif ]; then
41+ # Check if the SARIF has valid runs array with at least one result
42+ if jq -e '.runs | length > 0' kubesec-results.sarif > /dev/null 2>&1; then
43+ echo "valid=true" >> $GITHUB_OUTPUT
44+ else
45+ echo "SARIF file has no runs, skipping upload"
46+ echo "valid=false" >> $GITHUB_OUTPUT
47+ fi
48+ else
49+ echo "SARIF file is empty or missing, skipping upload"
50+ echo "valid=false" >> $GITHUB_OUTPUT
51+ fi
52+
3753 - name : Upload Kubesec scan results to GitHub Security tab
38- uses : github/codeql-action/upload-sarif@v3
54+ if : steps.validate.outputs.valid == 'true'
55+ uses : github/codeql-action/upload-sarif@v4
3956 with :
4057 sarif_file : kubesec-results.sarif
4158
5572 output : kubesec-results.sarif
5673 exit-code : " 0"
5774
75+ - name : Validate SARIF file
76+ id : validate
77+ run : |
78+ if [ -f kubesec-results.sarif ] && [ -s kubesec-results.sarif ]; then
79+ # Check if the SARIF has valid runs array with at least one result
80+ if jq -e '.runs | length > 0' kubesec-results.sarif > /dev/null 2>&1; then
81+ echo "valid=true" >> $GITHUB_OUTPUT
82+ else
83+ echo "SARIF file has no runs, skipping upload"
84+ echo "valid=false" >> $GITHUB_OUTPUT
85+ fi
86+ else
87+ echo "SARIF file is empty or missing, skipping upload"
88+ echo "valid=false" >> $GITHUB_OUTPUT
89+ fi
90+
5891 - name : Upload Kubesec scan results to GitHub Security tab
59- uses : github/codeql-action/upload-sarif@v3
92+ if : steps.validate.outputs.valid == 'true'
93+ uses : github/codeql-action/upload-sarif@v4
6094 with :
6195 sarif_file : kubesec-results.sarif
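Review bot: When kubesec-results.sarif is missing, empty or has no runs, both new "Validate SARIF file" steps (new lines 37–51 and 75–89) only echo a message and the upload is skipped, so the job stays green. With `exit-code: "0"` on the scan step, which presumably keeps findings from failing the job, a broken scan then looks the same as a clean one in the Security tab. Surface the skip in the two `valid=false` branches with an annotation such as `echo "::warning::Kubesec SARIF missing or invalid, results not uploaded"`, or fail the step if the report is required. The comment on new lines 41 and 79 says "at least one result", but `jq -e '.runs | length > 0'` only checks that `runs` is non-empty; reword it to `# Check that the SARIF parses and has a non-empty runs array`. The job definitions and the start of the scan steps are outside the visible hunks.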