From 80267f5143651c01af8479b5bcab870cd843adf9 Mon Sep 17 00:00:00 2001 From: Marcus Mann Date: Mon, 2 Dec 2024 20:13:33 -0500 Subject: [PATCH 01/42] Add slack bot --- .../amazon-cloudwatch-observability-image-scan.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml index 18b67b9..fc8d6a8 100644 --- a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml +++ b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml @@ -82,7 +82,16 @@ jobs: cmd: yq '${{ matrix.container_images.tag }}' charts/amazon-cloudwatch-observability/values.yaml - name: "Scan for vulnerabilities" + id: scan uses: crazy-max/ghaction-container-scan@v3 with: image: ${{ steps.registry.outputs.result }}/${{ steps.repository.outputs.result }}:${{ steps.tag.outputs.result }} severity_threshold: HIGH + - name: "Send slack message" + uses: slackapi/slack-github-action@v2.0.0 + with: + webhook: ${{ secrets.SLACK_WEBHOOK_URL }} + webhook-type: webhook-trigger + payload: | + status: "${{ steps.scan.outputs.json }}" + option: "false" From 6f7a788af00ef6dcd1bd265a009ac6eef599dac7 Mon Sep 17 00:00:00 2001 From: Marcus Mann Date: Tue, 3 Dec 2024 11:35:49 -0500 Subject: [PATCH 02/42] enable annotations --- .../amazon-cloudwatch-observability-image-scan.yaml | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml index fc8d6a8..d7ab7d0 100644 --- a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml +++ b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml 
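Review bot: The `status:` field of the new Slack payload interpolates `steps.scan.outputs.json`, which the later patches treat as a file path (`cat ${{ steps.scan.outputs.json }}`), so the webhook would receive a runner path rather than any scan result. The step also has no `if:` condition; if the scan step fails once `severity_threshold: HIGH` is exceeded (the later `if: success() || failure()` suggests it does), the notification is skipped for exactly the runs that matter — add `if: success() || failure()`. Since this step is handed `secrets.SLACK_WEBHOOK_URL`, pin it to a full commit SHA (`uses: slackapi/slack-github-action@<commit-sha> # v2.0.0`) instead of a mutable tag, so a moved tag cannot redirect the webhook secret.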
@@ -82,16 +82,8 @@ jobs: cmd: yq '${{ matrix.container_images.tag }}' charts/amazon-cloudwatch-observability/values.yaml - name: "Scan for vulnerabilities" - id: scan uses: crazy-max/ghaction-container-scan@v3 with: image: ${{ steps.registry.outputs.result }}/${{ steps.repository.outputs.result }}:${{ steps.tag.outputs.result }} severity_threshold: HIGH - - name: "Send slack message" - uses: slackapi/slack-github-action@v2.0.0 - with: - webhook: ${{ secrets.SLACK_WEBHOOK_URL }} - webhook-type: webhook-trigger - payload: | - status: "${{ steps.scan.outputs.json }}" - option: "false" + annotations: true From 8fe1f736a53b333c75a50ac64327fb33b0d6d2c7 Mon Sep 17 00:00:00 2001 From: Marcus Mann Date: Tue, 3 Dec 2024 11:44:16 -0500 Subject: [PATCH 03/42] Update amazon-cloudwatch-observability-image-scan.yaml --- .../amazon-cloudwatch-observability-image-scan.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml index d7ab7d0..3852b5e 100644 --- a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml +++ b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml @@ -82,8 +82,15 @@ jobs: cmd: yq '${{ matrix.container_images.tag }}' charts/amazon-cloudwatch-observability/values.yaml - name: "Scan for vulnerabilities" + id: scan uses: crazy-max/ghaction-container-scan@v3 with: image: ${{ steps.registry.outputs.result }}/${{ steps.repository.outputs.result }}:${{ steps.tag.outputs.result }} severity_threshold: HIGH annotations: true + - name: Send a saved artifact to a Slack workflow + uses: slackapi/slack-github-action@v3 + with: + payload-file-path: ${{ steps.scan.outputs.json }} + webhook: ${{ secrets.SLACK_WEBHOOK_URL }} + webhook-type: webhook-trigger From c8fed1a04667dacd2a06bec51b645dbd5327bd29 Mon Sep 17 00:00:00 2001 
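Review bot: `payload-file-path: ${{ steps.scan.outputs.json }}` posts the entire raw scan report to the webhook, and the step has no `if:` condition, so it is skipped whenever the scan step fails. If this is a Slack Workflow Builder webhook its variables are presumably fixed keys, so the full report is unlikely to map onto them; filter to the fields the workflow expects first, e.g. `jq '{image: .ArtifactName, findings: [.Results[]?.Vulnerabilities[]?.VulnerabilityID]}' "$SCAN_JSON" > slack.json`, and pass that file. Advisory titles and descriptions in the report are third-party text, so whatever is forwarded should be treated as untrusted input, not spliced into expressions.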
From: Marcus Mann Date: Tue, 3 Dec 2024 11:46:52 -0500 Subject: [PATCH 04/42] Update amazon-cloudwatch-observability-image-scan.yaml --- .../workflows/amazon-cloudwatch-observability-image-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml index 3852b5e..dfbbce0 100644 --- a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml +++ b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml @@ -89,7 +89,7 @@ jobs: severity_threshold: HIGH annotations: true - name: Send a saved artifact to a Slack workflow - uses: slackapi/slack-github-action@v3 + uses: slackapi/slack-github-action@v2.0.0 with: payload-file-path: ${{ steps.scan.outputs.json }} webhook: ${{ secrets.SLACK_WEBHOOK_URL }} From 2509c65a8b11a032cda666193fcd38f7f0e11225 Mon Sep 17 00:00:00 2001 From: Marcus Mann Date: Tue, 3 Dec 2024 11:59:13 -0500 Subject: [PATCH 05/42] Update amazon-cloudwatch-observability-image-scan.yaml --- ...amazon-cloudwatch-observability-image-scan.yaml | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml index dfbbce0..af8ba70 100644 --- a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml +++ b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml 
@@ -88,9 +88,21 @@ jobs: image: ${{ steps.registry.outputs.result }}/${{ steps.repository.outputs.result }}:${{ steps.tag.outputs.result }} severity_threshold: HIGH annotations: true + # from https://stackoverflow.com/questions/61919141/read-json-file-in-github-actions + - name: "Read json file" + id: set_var + run: | + content=`cat ${{ steps.scan.outputs.json }}` + # the following lines are only required for multi line json + content="${content//'%'/'%25'}" + content="${content//$'\n'/'%0A'}" + content="${content//$'\r'/'%0D'}" + # end of optional handling for multi line json + echo "::set-output name=content::$content" - name: Send a saved artifact to a Slack workflow uses: slackapi/slack-github-action@v2.0.0 with: - payload-file-path: ${{ steps.scan.outputs.json }} webhook: ${{ secrets.SLACK_WEBHOOK_URL }} webhook-type: webhook-trigger + payload: | + results: "${{ steps.set_var.outputs.content }}" From 171a21732cf720f6ba55b85736ca47a0b15c35a9 Mon Sep 17 00:00:00 2001 From: Marcus Mann Date: Tue, 3 Dec 2024 12:01:33 -0500 Subject: [PATCH 06/42] Update amazon-cloudwatch-observability-image-scan.yaml --- .../workflows/amazon-cloudwatch-observability-image-scan.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml index af8ba70..1580a9e 100644 --- a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml +++ b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml 
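Review bot: `echo "::set-output name=content::$content"` uses the deprecated `set-output` workflow command; write the value to `$GITHUB_OUTPUT` instead, which also removes the `%25`/`%0A`/`%0D` escaping that exists only for the command syntax (`{ echo "content<<${delim}"; cat "$SCAN_JSON"; echo "${delim}"; } >> "$GITHUB_OUTPUT"` with a unique `delim`). The output is then interpolated inside double quotes in `payload:`, so any `"` or backslash in the report breaks the YAML; `results: ${{ toJSON(steps.set_var.outputs.content) }}` yields a correctly escaped scalar. Because the report contains third-party advisory text, every `${{ }}` interpolation of it in this workflow should be treated as untrusted input.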
@@ -99,10 +99,11 @@ jobs: content="${content//$'\r'/'%0D'}" # end of optional handling for multi line json echo "::set-output name=content::$content" + echo "$content" - name: Send a saved artifact to a Slack workflow uses: slackapi/slack-github-action@v2.0.0 with: webhook: ${{ secrets.SLACK_WEBHOOK_URL }} webhook-type: webhook-trigger payload: | - results: "${{ steps.set_var.outputs.content }}" + results: "${{ fromJson(steps.set_var.outputs.content) }}" From 41857433bf5488a4cff6d6461ce37e810e7e89c6 Mon Sep 17 00:00:00 2001 From: Marcus Mann Date: Tue, 3 Dec 2024 12:07:16 -0500 Subject: [PATCH 07/42] Update amazon-cloudwatch-observability-image-scan.yaml --- ...n-cloudwatch-observability-image-scan.yaml | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) diff --git a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml index 1580a9e..ea5a815 100644 --- a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml +++ b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml 
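Review bot: `fromJson(steps.set_var.outputs.content)` yields an object, and interpolating an object into the string context of `payload:` does not serialize it back to JSON, so Slack is unlikely to receive the report in this form; pass the string through as-is, or re-encode with `${{ toJSON(fromJson(steps.set_var.outputs.content)) }}`. The added `echo "$content"` dumps the whole report into the job log, which is fine for debugging but should not survive to merge.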
@@ -89,21 +89,16 @@ jobs: severity_threshold: HIGH annotations: true # from https://stackoverflow.com/questions/61919141/read-json-file-in-github-actions - - name: "Read json file" - id: set_var - run: | - content=`cat ${{ steps.scan.outputs.json }}` - # the following lines are only required for multi line json - content="${content//'%'/'%25'}" - content="${content//$'\n'/'%0A'}" - content="${content//$'\r'/'%0D'}" - # end of optional handling for multi line json - echo "::set-output name=content::$content" - echo "$content" + - run: | + echo 'SCAN_RESULT<> $GITHUB_ENV + cat $${{ steps.scan.outputs.json }} >> $GITHUB_ENV + echo 'EOF' >> $SCAN_RESULT + - run: | + echo '${{ fromJson(env.SCAN_RESULT).version }}' - name: Send a saved artifact to a Slack workflow uses: slackapi/slack-github-action@v2.0.0 with: webhook: ${{ secrets.SLACK_WEBHOOK_URL }} webhook-type: webhook-trigger payload: | - results: "${{ fromJson(steps.set_var.outputs.content) }}" + results: "${{ env.SCAN_RESULT }}" From 57916337581efc0a22d3a9477fddd5e62235f837 Mon Sep 17 00:00:00 2001 From: Marcus Mann Date: Tue, 3 Dec 2024 12:08:08 -0500 Subject: [PATCH 08/42] Update amazon-cloudwatch-observability-image-scan.yaml --- .../workflows/amazon-cloudwatch-observability-image-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml index ea5a815..c48e793 100644 --- a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml +++ b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml @@ -91,7 +91,7 @@ jobs: # from https://stackoverflow.com/questions/61919141/read-json-file-in-github-actions - run: | echo 'SCAN_RESULT<> $GITHUB_ENV - cat $${{ steps.scan.outputs.json }} >> $GITHUB_ENV + cat ${{ steps.scan.outputs.json }} >> $GITHUB_ENV echo 'EOF' >> $SCAN_RESULT - run: | echo '${{ fromJson(env.SCAN_RESULT).version }}' 
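Review bot: `echo '${{ fromJson(env.SCAN_RESULT).version }}'` and `results: "${{ env.SCAN_RESULT }}"` paste the scan report into the script and payload by expression interpolation; a single `'` in an advisory title ends the quoted argument and the remainder runs as shell, so reference the variable from the shell instead (`echo "$SCAN_RESULT"`) and hand the action `env.SCAN_RESULT` via `toJSON`. The block written to `$GITHUB_ENV` is terminated with `echo 'EOF' >> $SCAN_RESULT`, which redirects to a file named by the still-unset variable rather than to `"$GITHUB_ENV"`, so the multi-line value is never closed; `cat $${{ … }}` also prefixes the path with the shell PID. The `SCAN_RESULT<>` opener looks like a `<<EOF` whose delimiter was lost in this rendering; if so, use a unique random delimiter, since any report line equal to `EOF` would let the content define further environment variables.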
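Review bot: The context line `echo 'EOF' >> $SCAN_RESULT` is still wrong after the `$$` fix: the terminator is appended to a file named by the unset variable (a redirect to an empty name fails), not to `$GITHUB_ENV`, so the multi-line `SCAN_RESULT` block is never closed and the step errors. Change it to `echo 'EOF' >> "$GITHUB_ENV"`, and quote the other redirect target as well.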
From 38925d61c242ee593b8763d8032e463328573eb5 Mon Sep 17 00:00:00 2001 From: Marcus Mann Date: Tue, 3 Dec 2024 12:10:40 -0500 Subject: [PATCH 09/42] Update amazon-cloudwatch-observability-image-scan.yaml --- .../amazon-cloudwatch-observability-image-scan.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml index c48e793..dba2067 100644 --- a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml +++ b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml @@ -92,9 +92,10 @@ jobs: - run: | echo 'SCAN_RESULT<> $GITHUB_ENV cat ${{ steps.scan.outputs.json }} >> $GITHUB_ENV - echo 'EOF' >> $SCAN_RESULT + echo '\nEOF' >> $GITHUB_ENV - run: | - echo '${{ fromJson(env.SCAN_RESULT).version }}' + echo '${{ fromJson(env.SCAN_RESULT) }}' + echo '${{ env.SCAN_RESULT }}' - name: Send a saved artifact to a Slack workflow uses: slackapi/slack-github-action@v2.0.0 with: From 9da5d140a65dedff122804148544674fdbde27ee Mon Sep 17 00:00:00 2001 From: Marcus Mann Date: Tue, 3 Dec 2024 12:56:55 -0500 Subject: [PATCH 10/42] Update amazon-cloudwatch-observability-image-scan.yaml --- .../amazon-cloudwatch-observability-image-scan.yaml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml index dba2067..289cb79 100644 --- a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml +++ b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml 
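Review bot: `echo '\nEOF' >> $GITHUB_ENV` writes the literal characters `\nEOF` (bash `echo` does not interpret `\n` without `-e`), so the terminator never matches `EOF` and the multi-line environment block stays open, which is why the file command is rejected. Use a separate `echo "${delim}" >> "$GITHUB_ENV"` with a unique delimiter (`delim=$(openssl rand -hex 16)`) rather than the fixed `EOF`, since a report line equal to the delimiter could otherwise close the block early and define further variables. The two `echo '${{ … }}'` lines interpolate the report straight into the script text; `echo "$SCAN_RESULT"` is the safe form.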
@@ -89,10 +89,7 @@ jobs: severity_threshold: HIGH annotations: true # from https://stackoverflow.com/questions/61919141/read-json-file-in-github-actions - - run: | - echo 'SCAN_RESULT<> $GITHUB_ENV - cat ${{ steps.scan.outputs.json }} >> $GITHUB_ENV - echo '\nEOF' >> $GITHUB_ENV + - run: echo "SCAN_RESULT=$(jq -c . < ${{ steps.scan.outputs.json }})" >> $GITHUB_ENV - run: | echo '${{ fromJson(env.SCAN_RESULT) }}' echo '${{ env.SCAN_RESULT }}' From 35387bf30aadfc58fae43dd29a39ddca102d6b50 Mon Sep 17 00:00:00 2001 From: Marcus Mann Date: Tue, 3 Dec 2024 13:01:57 -0500 Subject: [PATCH 11/42] Update amazon-cloudwatch-observability-image-scan.yaml --- .../workflows/amazon-cloudwatch-observability-image-scan.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml index 289cb79..e854dcf 100644 --- a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml +++ b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml @@ -91,7 +91,6 @@ jobs: # from https://stackoverflow.com/questions/61919141/read-json-file-in-github-actions - run: echo "SCAN_RESULT=$(jq -c . < ${{ steps.scan.outputs.json }})" >> $GITHUB_ENV - run: | - echo '${{ fromJson(env.SCAN_RESULT) }}' echo '${{ env.SCAN_RESULT }}' - name: Send a saved artifact to a Slack workflow uses: slackapi/slack-github-action@v2.0.0 @@ -99,4 +98,4 @@ jobs: webhook: ${{ secrets.SLACK_WEBHOOK_URL }} webhook-type: webhook-trigger payload: | - results: "${{ env.SCAN_RESULT }}" + results: '${{ env.SCAN_RESULT }}' From 048ff96fabc912cfd22fc5d9404707bb01b0c6c6 Mon Sep 17 00:00:00 2001 From: Marcus Mann Date: Tue, 3 Dec 2024 13:08:31 -0500 Subject: [PATCH 12/42] Update amazon-cloudwatch-observability-image-scan.yaml --- .../workflows/amazon-cloudwatch-observability-image-scan.yaml | 1 + 1 file changed, 1 insertion(+) 
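Review bot: `echo '${{ fromJson(env.SCAN_RESULT) }}'` and `echo '${{ env.SCAN_RESULT }}'` splice the report into the script before bash runs it, so a `'` in any advisory field ends the quoted argument and whatever follows is executed; the value is already in the environment, so `echo "$SCAN_RESULT"` gives the same output with no interpolation. Quote the redirect target too (`>> "$GITHUB_ENV"`), and prefer `jq -c . "$SCAN_JSON"` with the path passed through `env:` rather than `${{ steps.scan.outputs.json }}` inside `run:`.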
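Review bot: `results: '${{ env.SCAN_RESULT }}'` only moves the breakage from `"` to `'`: the report contains advisory titles, and any `'` in one of them terminates the YAML single-quoted scalar so the payload fails to parse. `results: ${{ toJSON(env.SCAN_RESULT) }}` produces a correctly escaped double-quoted scalar regardless of content and removes the hand-quoting altogether.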
diff --git a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml index e854dcf..a9b505d 100644 --- a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml +++ b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml @@ -93,6 +93,7 @@ jobs: - run: | echo '${{ env.SCAN_RESULT }}' - name: Send a saved artifact to a Slack workflow + if: success() || failure() uses: slackapi/slack-github-action@v2.0.0 with: webhook: ${{ secrets.SLACK_WEBHOOK_URL }} From 60bd8d87e0eaf0f670ebf12084900a844e7b377b Mon Sep 17 00:00:00 2001 From: Marcus Mann Date: Tue, 3 Dec 2024 13:10:05 -0500 Subject: [PATCH 13/42] Update amazon-cloudwatch-observability-image-scan.yaml --- .../workflows/amazon-cloudwatch-observability-image-scan.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml index a9b505d..3fc1ede 100644 --- a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml +++ b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml @@ -90,7 +90,9 @@ jobs: annotations: true # from https://stackoverflow.com/questions/61919141/read-json-file-in-github-actions - run: echo "SCAN_RESULT=$(jq -c . < ${{ steps.scan.outputs.json }})" >> $GITHUB_ENV - - run: | + if: success() || failure() + - if: success() || failure() + run: | echo '${{ env.SCAN_RESULT }}' - name: Send a saved artifact to a Slack workflow if: success() || failure() From 2ebe3eb373baeeafd56efbd074bf9b51bebb8298 Mon Sep 17 00:00:00 2001 From: Marcus Mann Date: Tue, 3 Dec 2024 13:28:45 -0500 Subject: [PATCH 14/42] Update amazon-cloudwatch-observability-image-scan.yaml --- ...on-cloudwatch-observability-image-scan.yaml | 18 +++++------------- 1 file changed, 5 insertions(+), 13 deletions(-) 
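Review bot: `if: success() || failure()` on three consecutive steps is the documented `!cancelled()` spelled out; `if: ${{ !cancelled() }}` states the intent (run unless the job was cancelled) directly and is easier to keep consistent. The step that starts with `- if:` followed by `run:` also differs from the `- run:` / `- name:` ordering of its siblings; keep the key order uniform so the condition is easy to spot when scanning the file.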
diff --git a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml index 3fc1ede..5f084de 100644 --- a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml +++ b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml @@ -88,17 +88,9 @@ jobs: image: ${{ steps.registry.outputs.result }}/${{ steps.repository.outputs.result }}:${{ steps.tag.outputs.result }} severity_threshold: HIGH annotations: true - # from https://stackoverflow.com/questions/61919141/read-json-file-in-github-actions - - run: echo "SCAN_RESULT=$(jq -c . < ${{ steps.scan.outputs.json }})" >> $GITHUB_ENV - if: success() || failure() - - if: success() || failure() - run: | - echo '${{ env.SCAN_RESULT }}' - - name: Send a saved artifact to a Slack workflow - if: success() || failure() - uses: slackapi/slack-github-action@v2.0.0 + - + name: Upload SARIF file + if: ${{ steps.scan.outputs.sarif != '' }} + uses: github/codeql-action/upload-sarif@v2 with: - webhook: ${{ secrets.SLACK_WEBHOOK_URL }} - webhook-type: webhook-trigger - payload: | - results: '${{ env.SCAN_RESULT }}' + sarif_file: ${{ steps.scan.outputs.sarif }} From 518cfc9b6e8972c1e37bd9bee52d7f0bfe3eac43 Mon Sep 17 00:00:00 2001 From: Marcus Mann Date: Tue, 3 Dec 2024 13:42:14 -0500 Subject: [PATCH 15/42] Update amazon-cloudwatch-observability-image-scan.yaml --- ...on-cloudwatch-observability-image-scan.yaml | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml index 5f084de..57d2ddc 100644 --- a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml +++ b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml 
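Review bot: `github/codeql-action/upload-sarif@v2` needs `security-events: write` in the job's `permissions:` (plus `actions: read` on private repositories), which is not visible in this hunk — with a read-only default `GITHUB_TOKEN` the upload is rejected. The v2 line is superseded by `@v3`, and like the other actions here it should be pinned to a commit SHA. The guard `if: ${{ steps.scan.outputs.sarif != '' }}` only evaluates on success, so if the scan step fails on `severity_threshold` the SARIF is never uploaded; use `if: ${{ !cancelled() && steps.scan.outputs.sarif != '' }}`. The bare `-` on its own line followed by `name:` is valid YAML but departs from the `- name:` form used by the surrounding steps.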
@@ -88,9 +88,17 @@ jobs: image: ${{ steps.registry.outputs.result }}/${{ steps.repository.outputs.result }}:${{ steps.tag.outputs.result }} severity_threshold: HIGH annotations: true - - - name: Upload SARIF file - if: ${{ steps.scan.outputs.sarif != '' }} - uses: github/codeql-action/upload-sarif@v2 + # from https://stackoverflow.com/questions/61919141/read-json-file-in-github-actions + - run: echo "SCAN_RESULT=$(jq -cR . < ${{ steps.scan.outputs.json }})" >> $GITHUB_ENV + if: success() || failure() + - if: success() || failure() + run: | + echo '${{ env.SCAN_RESULT }}' + - name: Send a saved artifact to a Slack workflow + if: success() || failure() + uses: slackapi/slack-github-action@v2.0.0 with: - sarif_file: ${{ steps.scan.outputs.sarif }} + webhook: ${{ secrets.SLACK_WEBHOOK_URL }} + webhook-type: webhook-trigger + payload: | + results: '${{ env.SCAN_RESULT }}' From 78c2a6210a93137550b1eced8296d1af8d481cf3 Mon Sep 17 00:00:00 2001 From: Marcus Mann Date: Tue, 3 Dec 2024 13:45:30 -0500 Subject: [PATCH 16/42] Update amazon-cloudwatch-observability-image-scan.yaml --- .../workflows/amazon-cloudwatch-observability-image-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml index 57d2ddc..2d5bd5b 100644 --- a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml +++ b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml @@ -89,7 +89,7 @@ jobs: severity_threshold: HIGH annotations: true # from https://stackoverflow.com/questions/61919141/read-json-file-in-github-actions - - run: echo "SCAN_RESULT=$(jq -cR . < ${{ steps.scan.outputs.json }})" >> $GITHUB_ENV + - run: echo "SCAN_RESULT=$(jq -cRs . ${{ steps.scan.outputs.json }})" >> $GITHUB_ENV if: success() || failure() - if: success() || failure() run: | From c9a6c42b9ca2be1b75a58000a31a532323a30398 Mon Sep 17 00:00:00 2001 
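Review bot: `jq -cR .` reads the report as raw text lines and emits one JSON string per input line, so `SCAN_RESULT=` is followed by multi-line output and the `$GITHUB_ENV` file command is rejected (only a single `NAME=value` line or a `NAME<<DELIM` block is accepted). Drop `-R` for one line of JSON (`jq -c .`), or use `-Rs` if the whole file as one string is really what is wanted. The `echo '${{ env.SCAN_RESULT }}'` debug line still interpolates report content into the script; `echo "$SCAN_RESULT"` is the safe form.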
From: Marcus Mann Date: Tue, 3 Dec 2024 13:49:31 -0500 Subject: [PATCH 17/42] Update amazon-cloudwatch-observability-image-scan.yaml --- .../amazon-cloudwatch-observability-image-scan.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml index 2d5bd5b..3b8c61c 100644 --- a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml +++ b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml @@ -89,7 +89,7 @@ jobs: severity_threshold: HIGH annotations: true # from https://stackoverflow.com/questions/61919141/read-json-file-in-github-actions - - run: echo "SCAN_RESULT=$(jq -cRs . ${{ steps.scan.outputs.json }})" >> $GITHUB_ENV + - run: echo "SCAN_RESULT=$(jq -s . ${{ steps.scan.outputs.json }})" >> $GITHUB_ENV if: success() || failure() - if: success() || failure() run: | @@ -101,4 +101,5 @@ jobs: webhook: ${{ secrets.SLACK_WEBHOOK_URL }} webhook-type: webhook-trigger payload: | - results: '${{ env.SCAN_RESULT }}' + results: >- + ${{ env.SCAN_RESULT }} From aee144c60057b8ff2876f6738bd8c53139272710 Mon Sep 17 00:00:00 2001 From: Marcus Mann Date: Tue, 3 Dec 2024 13:52:09 -0500 Subject: [PATCH 18/42] Update amazon-cloudwatch-observability-image-scan.yaml --- .../workflows/amazon-cloudwatch-observability-image-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml index 3b8c61c..a65442d 100644 --- a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml +++ b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml 
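Review bot: `jq -s .` without `-c` pretty-prints the slurped array over many lines, so `SCAN_RESULT=[` is followed by stray lines and the `$GITHUB_ENV` file command fails with an invalid-format error; keep `-c`, or write a `SCAN_RESULT<<DELIM` block with a unique delimiter when multi-line output is intended. In the second hunk the folded scalar `results: >-` re-joins lines with spaces, which would mangle multi-line JSON anyway; `results: ${{ toJSON(env.SCAN_RESULT) }}` hands the action a correctly escaped string without relying on YAML folding.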
@@ -89,7 +89,7 @@ jobs: severity_threshold: HIGH annotations: true # from https://stackoverflow.com/questions/61919141/read-json-file-in-github-actions - - run: echo "SCAN_RESULT=$(jq -s . ${{ steps.scan.outputs.json }})" >> $GITHUB_ENV + - run: echo "SCAN_RESULT=$(jq -sc . ${{ steps.scan.outputs.json }})" >> $GITHUB_ENV if: success() || failure() - if: success() || failure() run: | From 1e4a6193f85abea820d4a90e81d92da19d192561 Mon Sep 17 00:00:00 2001 From: Marcus Mann Date: Tue, 3 Dec 2024 14:09:13 -0500 Subject: [PATCH 19/42] Update amazon-cloudwatch-observability-image-scan.yaml --- .../workflows/amazon-cloudwatch-observability-image-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml index a65442d..3b25c01 100644 --- a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml +++ b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml @@ -89,7 +89,7 @@ jobs: severity_threshold: HIGH annotations: true # from https://stackoverflow.com/questions/61919141/read-json-file-in-github-actions - - run: echo "SCAN_RESULT=$(jq -sc . ${{ steps.scan.outputs.json }})" >> $GITHUB_ENV + - run: echo "SCAN_RESULT=$(jq -r '.[] | "**\(.ArtifactName)**:\n" + (.Results[] | select(.Vulnerabilities != null) | .Vulnerabilities[] | "- \(.VulnerabilityID)\n" ) | @text' ${{ steps.scan.outputs.json }})" >> $GITHUB_ENV if: success() || failure() - if: success() || failure() run: | From d36abd4acd10ac445d16840ee4faa5dddb2bd6d0 Mon Sep 17 00:00:00 2001 From: Marcus Mann Date: Tue, 3 Dec 2024 14:14:08 -0500 Subject: [PATCH 20/42] Update amazon-cloudwatch-observability-image-scan.yaml --- .../workflows/amazon-cloudwatch-observability-image-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
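Review bot: In `"**\(.ArtifactName)**:\n" + ( … | .Vulnerabilities[] | "- \(.VulnerabilityID)\n" )` the right-hand side of `+` is a stream, so jq emits one header-plus-one-ID string per vulnerability instead of one header followed by the list; collect with `[ … ] | join("\n")` and join the header with `,` rather than `+`. The `-r` output is multi-line yet assigned as a single `SCAN_RESULT=` line, which `$GITHUB_ENV` rejects — a `SCAN_RESULT<<DELIM` block with a unique delimiter is needed. `@text` is a no-op on strings, and `.Results[]` errors when `Results` is absent (`.Results[]?` does not).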
diff --git a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml index 3b25c01..61e7540 100644 --- a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml +++ b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml @@ -89,7 +89,7 @@ jobs: severity_threshold: HIGH annotations: true # from https://stackoverflow.com/questions/61919141/read-json-file-in-github-actions - - run: echo "SCAN_RESULT=$(jq -r '.[] | "**\(.ArtifactName)**:\n" + (.Results[] | select(.Vulnerabilities != null) | .Vulnerabilities[] | "- \(.VulnerabilityID)\n" ) | @text' ${{ steps.scan.outputs.json }})" >> $GITHUB_ENV + - run: echo "SCAN_RESULT=$(jq -r '.[] | "**\(.ArtifactName)**:\n" + ( .Results // empty | .[] | select(.Vulnerabilities != null) | .Vulnerabilities[] | "- \(.VulnerabilityID)" ) | @text' ${{ steps.scan.outputs.json }})" >> $GITHUB_ENV if: success() || failure() - if: success() || failure() run: | From 59ddc9bbae1c4caf7a35caea9a5112413dbc4b65 Mon Sep 17 00:00:00 2001 From: Marcus Mann Date: Tue, 3 Dec 2024 14:19:50 -0500 Subject: [PATCH 21/42] Update amazon-cloudwatch-observability-image-scan.yaml --- .../workflows/amazon-cloudwatch-observability-image-scan.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml index 61e7540..5e0224d 100644 --- a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml +++ b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml 
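Review bot: `.Results // empty | .[]` tolerates a missing `Results`, but the `+` still fans out to one string per vulnerability, each repeating the `**ArtifactName**:` header, and the multi-line result is still written as a single `SCAN_RESULT=` line that the `$GITHUB_ENV` file command rejects. A form that yields one block per image is `"**\(.ArtifactName)**:", ([.Results[]?.Vulnerabilities[]? | "- \(.VulnerabilityID)"] | join("\n"))`, written to `$GITHUB_ENV` as a `SCAN_RESULT<<DELIM` block with a unique delimiter.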
@@ -88,6 +88,7 @@ jobs: image: ${{ steps.registry.outputs.result }}/${{ steps.repository.outputs.result }}:${{ steps.tag.outputs.result }} severity_threshold: HIGH annotations: true + - run: echo $(jq -r . ${{ steps.scan.outputs.json }}) # from https://stackoverflow.com/questions/61919141/read-json-file-in-github-actions - run: echo "SCAN_RESULT=$(jq -r '.[] | "**\(.ArtifactName)**:\n" + ( .Results // empty | .[] | select(.Vulnerabilities != null) | .Vulnerabilities[] | "- \(.VulnerabilityID)" ) | @text' ${{ steps.scan.outputs.json }})" >> $GITHUB_ENV if: success() || failure() From ec9662f1ab723384c37a614abe1e5f2340965f66 Mon Sep 17 00:00:00 2001 From: Marcus Mann Date: Tue, 3 Dec 2024 14:20:41 -0500 Subject: [PATCH 22/42] Update amazon-cloudwatch-observability-image-scan.yaml --- .../workflows/amazon-cloudwatch-observability-image-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml index 5e0224d..67a3a98 100644 --- a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml +++ b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml @@ -88,7 +88,7 @@ jobs: image: ${{ steps.registry.outputs.result }}/${{ steps.repository.outputs.result }}:${{ steps.tag.outputs.result }} severity_threshold: HIGH annotations: true - - run: echo $(jq -r . ${{ steps.scan.outputs.json }}) + - run: echo $(jq -rs . ${{ steps.scan.outputs.json }}) # from https://stackoverflow.com/questions/61919141/read-json-file-in-github-actions - run: echo "SCAN_RESULT=$(jq -r '.[] | "**\(.ArtifactName)**:\n" + ( .Results // empty | .[] | select(.Vulnerabilities != null) | .Vulnerabilities[] | "- \(.VulnerabilityID)" ) | @text' ${{ steps.scan.outputs.json }})" >> $GITHUB_ENV if: success() || failure() From 6d9f699823adb01e567d1d3692cf01b64dadbfa7 Mon Sep 17 00:00:00 2001 
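Review bot: `echo $(jq -r . ${{ steps.scan.outputs.json }})` word-splits the whole report and flattens it onto one line, which is harder to read in the log than plain `jq . "$SCAN_JSON"`; `-r` has no effect on an object. The debug step also lacks the `if: success() || failure()` the following steps carry, so it is skipped in exactly the failing case it is meant to diagnose. Pass the path through `env:` (`SCAN_JSON: ${{ steps.scan.outputs.json }}`) and use `"$SCAN_JSON"` in the script, keeping expression interpolation out of `run:` blocks as a rule.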
From: Marcus Mann Date: Tue, 3 Dec 2024 14:29:51 -0500 Subject: [PATCH 23/42] Update amazon-cloudwatch-observability-image-scan.yaml --- .../workflows/amazon-cloudwatch-observability-image-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml index 67a3a98..3b55c37 100644 --- a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml +++ b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml @@ -88,7 +88,7 @@ jobs: image: ${{ steps.registry.outputs.result }}/${{ steps.repository.outputs.result }}:${{ steps.tag.outputs.result }} severity_threshold: HIGH annotations: true - - run: echo $(jq -rs . ${{ steps.scan.outputs.json }}) + - run: cat ${{ steps.scan.outputs.json }} # from https://stackoverflow.com/questions/61919141/read-json-file-in-github-actions - run: echo "SCAN_RESULT=$(jq -r '.[] | "**\(.ArtifactName)**:\n" + ( .Results // empty | .[] | select(.Vulnerabilities != null) | .Vulnerabilities[] | "- \(.VulnerabilityID)" ) | @text' ${{ steps.scan.outputs.json }})" >> $GITHUB_ENV if: success() || failure() From b85e26c0e146657a85103b814089e3a552df3a9f Mon Sep 17 00:00:00 2001 From: Marcus Mann Date: Tue, 3 Dec 2024 14:34:33 -0500 Subject: [PATCH 24/42] Update amazon-cloudwatch-observability-image-scan.yaml --- .../workflows/amazon-cloudwatch-observability-image-scan.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml index 3b55c37..4556b36 100644 --- a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml +++ b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml 
@@ -89,6 +89,7 @@ jobs: severity_threshold: HIGH annotations: true - run: cat ${{ steps.scan.outputs.json }} + if: success() || failure() # from https://stackoverflow.com/questions/61919141/read-json-file-in-github-actions - run: echo "SCAN_RESULT=$(jq -r '.[] | "**\(.ArtifactName)**:\n" + ( .Results // empty | .[] | select(.Vulnerabilities != null) | .Vulnerabilities[] | "- \(.VulnerabilityID)" ) | @text' ${{ steps.scan.outputs.json }})" >> $GITHUB_ENV if: success() || failure() From 33d230f2c0dfc866ac54c9b7d6599b8ebcb4a580 Mon Sep 17 00:00:00 2001 From: Marcus Mann Date: Tue, 3 Dec 2024 14:52:11 -0500 Subject: [PATCH 25/42] Update amazon-cloudwatch-observability-image-scan.yaml --- .../workflows/amazon-cloudwatch-observability-image-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml index 4556b36..7f04d7b 100644 --- a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml +++ b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml @@ -91,7 +91,7 @@ jobs: - run: cat ${{ steps.scan.outputs.json }} if: success() || failure() # from https://stackoverflow.com/questions/61919141/read-json-file-in-github-actions - - run: echo "SCAN_RESULT=$(jq -r '.[] | "**\(.ArtifactName)**:\n" + ( .Results // empty | .[] | select(.Vulnerabilities != null) | .Vulnerabilities[] | "- \(.VulnerabilityID)" ) | @text' ${{ steps.scan.outputs.json }})" >> $GITHUB_ENV + - run: echo "SCAN_RESULT=$(jq -r '"**\(.ArtifactName)**:\n", ( .Results | .[] | select(.Vulnerabilities != null) | .Vulnerabilities[] | "- \(.VulnerabilityID)" ) | @text' ${{ steps.scan.outputs.json }})" >> $GITHUB_ENV if: success() || failure() - if: success() || failure() run: | From 27180659e3afc6d4b266646583e0a4b93f3d1245 Mon Sep 17 00:00:00 2001 
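Review bot: `.Results | .[]` raises "Cannot iterate over null" when the report has no `Results` (the `// empty` guard was dropped), aborting the step and leaving `SCAN_RESULT` unset for the Slack step; `.Results[]?` covers both cases. The `-r` output is multi-line and still assigned as a single `SCAN_RESULT=` line, so the `$GITHUB_ENV` file command is rejected — use a `SCAN_RESULT<<DELIM` block with a unique delimiter. `@text` after a string is a no-op and can go.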
From: Marcus Mann Date: Tue, 3 Dec 2024 14:53:51 -0500 Subject: [PATCH 26/42] Update amazon-cloudwatch-observability-image-scan.yaml --- .../workflows/amazon-cloudwatch-observability-image-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml index 7f04d7b..2f4e00c 100644 --- a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml +++ b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml @@ -91,7 +91,7 @@ jobs: - run: cat ${{ steps.scan.outputs.json }} if: success() || failure() # from https://stackoverflow.com/questions/61919141/read-json-file-in-github-actions - - run: echo "SCAN_RESULT=$(jq -r '"**\(.ArtifactName)**:\n", ( .Results | .[] | select(.Vulnerabilities != null) | .Vulnerabilities[] | "- \(.VulnerabilityID)" ) | @text' ${{ steps.scan.outputs.json }})" >> $GITHUB_ENV + - run: echo "SCAN_RESULT=$(jq -rs '"**\(.ArtifactName)**:\n", ( .Results | .[] | select(.Vulnerabilities != null) | .Vulnerabilities[] | "- \(.VulnerabilityID)" ) | @text' ${{ steps.scan.outputs.json }})" >> $GITHUB_ENV if: success() || failure() - if: success() || failure() run: | From 13ba5d6cc86138944efc11b7b20eec75a8173cfb Mon Sep 17 00:00:00 2001 From: Marcus Mann Date: Tue, 3 Dec 2024 15:08:06 -0500 Subject: [PATCH 27/42] Update amazon-cloudwatch-observability-image-scan.yaml --- .../amazon-cloudwatch-observability-image-scan.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml index 2f4e00c..2116135 100644 --- a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml +++ b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml 
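Review bot: With `-s` the top-level input becomes a one-element array, so `.ArtifactName` fails with "Cannot index array with ArtifactName" before any output is produced; drop `-s` (the report is presumably a single object, given the `.ArtifactName`/`.Results` shape used throughout) or index with `.[0]`. The multi-line `-r` output is still written as a single `SCAN_RESULT=` line, which `$GITHUB_ENV` rejects.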
@@ -91,7 +91,11 @@ jobs: - run: cat ${{ steps.scan.outputs.json }} if: success() || failure() # from https://stackoverflow.com/questions/61919141/read-json-file-in-github-actions - - run: echo "SCAN_RESULT=$(jq -rs '"**\(.ArtifactName)**:\n", ( .Results | .[] | select(.Vulnerabilities != null) | .Vulnerabilities[] | "- \(.VulnerabilityID)" ) | @text' ${{ steps.scan.outputs.json }})" >> $GITHUB_ENV + - run: | + SCAN_RESULT=$(jq -rs '"**\(.ArtifactName)**:\n", ( .Results | .[] | select(.Vulnerabilities != null) | .Vulnerabilities[] | "- \(.VulnerabilityID)" ) | @text' ${{ steps.scan.outputs.json }}) + echo "SCAN_RESULT<> $GITHUB_ENV + echo "$SCAN_RESULT" >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV if: success() || failure() - if: success() || failure() run: | From 55f6717f6a7d21cd3b5ddb0c72dffe6a930f9c94 Mon Sep 17 00:00:00 2001 From: Marcus Mann Date: Tue, 3 Dec 2024 15:10:33 -0500 Subject: [PATCH 28/42] Update amazon-cloudwatch-observability-image-scan.yaml --- .../workflows/amazon-cloudwatch-observability-image-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml index 2116135..1f82100 100644 --- a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml +++ b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml 
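Review bot: The new heredoc write to `$GITHUB_ENV` uses a fixed delimiter (it reads as `EOF` here; the `<<` header looks garbled in this rendering), so a result line that is exactly `EOF` would close the value early and every following line would be parsed as a further `KEY=value` assignment, letting scanner-derived text define environment variables for later steps. GitHub's guidance for multi-line values is a per-run random delimiter, e.g. `delim="SCAN_RESULT_$(head -c 16 /dev/urandom | base64 | tr -dc 'A-Za-z0-9')"` followed by `printf 'SCAN_RESULT<<%s\n%s\n%s\n' "$delim" "$SCAN_RESULT" "$delim" >> "$GITHUB_ENV"`. The steps that later consume SCAN_RESULT are outside this hunk.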
@@ -92,7 +92,7 @@ jobs: if: success() || failure() # from https://stackoverflow.com/questions/61919141/read-json-file-in-github-actions - run: | - SCAN_RESULT=$(jq -rs '"**\(.ArtifactName)**:\n", ( .Results | .[] | select(.Vulnerabilities != null) | .Vulnerabilities[] | "- \(.VulnerabilityID)" ) | @text' ${{ steps.scan.outputs.json }}) + SCAN_RESULT=$(SCAN_RESULT=$(jq -r '"**\(.ArtifactName)**:\n", ( .Results | .[] | select(.Vulnerabilities != null) | .Vulnerabilities[] | "- \(.VulnerabilityID)" ) | @text' ${{ steps.scan.outputs.json }}) echo "SCAN_RESULT<> $GITHUB_ENV echo "$SCAN_RESULT" >> $GITHUB_ENV echo "EOF" >> $GITHUB_ENV From 694c2d1e4e43a45f60e6f31619c0d5221d79b5ed Mon Sep 17 00:00:00 2001 From: Marcus Mann Date: Tue, 3 Dec 2024 15:13:50 -0500 Subject: [PATCH 29/42] Update amazon-cloudwatch-observability-image-scan.yaml --- .../workflows/amazon-cloudwatch-observability-image-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml index 1f82100..19541b9 100644 --- a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml +++ b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml @@ -92,7 +92,7 @@ jobs: if: success() || failure() # from https://stackoverflow.com/questions/61919141/read-json-file-in-github-actions - run: | - SCAN_RESULT=$(SCAN_RESULT=$(jq -r '"**\(.ArtifactName)**:\n", ( .Results | .[] | select(.Vulnerabilities != null) | .Vulnerabilities[] | "- \(.VulnerabilityID)" ) | @text' ${{ steps.scan.outputs.json }}) + SCAN_RESULT=$(jq -r '"**\(.ArtifactName)**:\n", ( .Results | .[] | select(.Vulnerabilities != null) | .Vulnerabilities[] | "- \(.VulnerabilityID)" ) | @text' ${{ steps.scan.outputs.json }}) echo "SCAN_RESULT<> $GITHUB_ENV echo "$SCAN_RESULT" >> $GITHUB_ENV echo "EOF" >> $GITHUB_ENV From 3b1b1fa945bcaedbf866d792d4167f5752a3257f Mon Sep 17 00:00:00 2001 
From: Marcus Mann Date: Tue, 3 Dec 2024 15:18:25 -0500 Subject: [PATCH 30/42] Update amazon-cloudwatch-observability-image-scan.yaml --- .../amazon-cloudwatch-observability-image-scan.yaml | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml index 19541b9..34d0a16 100644 --- a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml +++ b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml @@ -92,7 +92,7 @@ jobs: if: success() || failure() # from https://stackoverflow.com/questions/61919141/read-json-file-in-github-actions - run: | - SCAN_RESULT=$(jq -r '"**\(.ArtifactName)**:\n", ( .Results | .[] | select(.Vulnerabilities != null) | .Vulnerabilities[] | "- \(.VulnerabilityID)" ) | @text' ${{ steps.scan.outputs.json }}) + SCAN_RESULT=$(jq -r '"**\(.ArtifactName)**:", ( .Results | .[] | select(.Vulnerabilities != null) | .Vulnerabilities[] | "- \(.VulnerabilityID)" ) | @text' ${{ steps.scan.outputs.json }}) echo "SCAN_RESULT<> $GITHUB_ENV echo "$SCAN_RESULT" >> $GITHUB_ENV echo "EOF" >> $GITHUB_ENV @@ -105,7 +105,12 @@ jobs: uses: slackapi/slack-github-action@v2.0.0 with: webhook: ${{ secrets.SLACK_WEBHOOK_URL }} - webhook-type: webhook-trigger + webhook-type: incoming-webhook payload: | - results: >- - ${{ env.SCAN_RESULT }} + text: "Image Security Status" + blocks: + - type: "section" + text: + type: "mrkdwn" + text: | + ${{ env.SCAN_RESULT }} From 342bf800ee41329b87d0e3e31920df19c79a1174 Mon Sep 17 00:00:00 2001 From: Marcus Mann Date: Tue, 3 Dec 2024 15:25:13 -0500 Subject: [PATCH 31/42] Update amazon-cloudwatch-observability-image-scan.yaml --- .../amazon-cloudwatch-observability-image-scan.yaml | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) 
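Review bot: Expanding `${{ env.SCAN_RESULT }}` inside the `text: |` block scalar of `payload:` splices multi-line scanner output into text the action then parses as YAML/JSON; the expanded continuation lines are not re-indented, and any line containing `: ` or beginning with `- ` would alter the structure or fail to parse instead of landing in the message. Encode it as one scalar with `text: ${{ toJSON(env.SCAN_RESULT) }}`, which produces a quoted JSON string that is valid in both payload forms. The switch to `incoming-webhook` in the same hunk only works if the secret is an Incoming Webhook URL rather than a Workflow Builder trigger URL; a one-line comment next to `webhook-type` stating which kind the secret holds would save the next person the back-and-forth visible in this series.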
diff --git a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml index 34d0a16..b872487 100644 --- a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml +++ b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml @@ -105,12 +105,7 @@ jobs: uses: slackapi/slack-github-action@v2.0.0 with: webhook: ${{ secrets.SLACK_WEBHOOK_URL }} - webhook-type: incoming-webhook + webhook-type: webhook-trigger payload: | - text: "Image Security Status" - blocks: - - type: "section" - text: - type: "mrkdwn" - text: | - ${{ env.SCAN_RESULT }} + results: >- + ${{ env.SCAN_RESULT }} From 02f6c9a9b2d9f183349da020468627290a1e9b33 Mon Sep 17 00:00:00 2001 From: Marcus Mann Date: Tue, 3 Dec 2024 15:25:33 -0500 Subject: [PATCH 32/42] Update amazon-cloudwatch-observability-image-scan.yaml --- .../workflows/amazon-cloudwatch-observability-image-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml index b872487..5950063 100644 --- a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml +++ b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml @@ -92,7 +92,7 @@ jobs: if: success() || failure() # from https://stackoverflow.com/questions/61919141/read-json-file-in-github-actions - run: | - SCAN_RESULT=$(jq -r '"**\(.ArtifactName)**:", ( .Results | .[] | select(.Vulnerabilities != null) | .Vulnerabilities[] | "- \(.VulnerabilityID)" ) | @text' ${{ steps.scan.outputs.json }}) + SCAN_RESULT=$(jq -r '"\(.ArtifactName):", ( .Results | .[] | select(.Vulnerabilities != null) | .Vulnerabilities[] | "* \(.VulnerabilityID)" ) | @text' ${{ steps.scan.outputs.json }}) echo "SCAN_RESULT<> $GITHUB_ENV echo "$SCAN_RESULT" >> $GITHUB_ENV echo "EOF" >> $GITHUB_ENV 
From d0ef617dfb76e8b3ca716f16059464b97352769a Mon Sep 17 00:00:00 2001 From: Marcus Mann Date: Tue, 3 Dec 2024 15:31:27 -0500 Subject: [PATCH 33/42] Update amazon-cloudwatch-observability-image-scan.yaml --- .../workflows/amazon-cloudwatch-observability-image-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml index 5950063..ba029f7 100644 --- a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml +++ b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml @@ -108,4 +108,4 @@ jobs: webhook-type: webhook-trigger payload: | results: >- - ${{ env.SCAN_RESULT }} + ${{ env.SCAN_RESULT }} From a208763a5f3a8120fd92c6055803476cd1a31e30 Mon Sep 17 00:00:00 2001 From: Marcus Mann Date: Tue, 3 Dec 2024 15:35:58 -0500 Subject: [PATCH 34/42] Update amazon-cloudwatch-observability-image-scan.yaml --- .../workflows/amazon-cloudwatch-observability-image-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml index ba029f7..bff19fb 100644 --- a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml +++ b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml @@ -107,5 +107,5 @@ jobs: webhook: ${{ secrets.SLACK_WEBHOOK_URL }} webhook-type: webhook-trigger payload: | - results: >- + results: | ${{ env.SCAN_RESULT }} From ec02ec84d0eddf214caaba14d5a59fd804b4d171 Mon Sep 17 00:00:00 2001 From: Marcus Mann Date: Tue, 3 Dec 2024 16:03:32 -0500 Subject: [PATCH 35/42] Update amazon-cloudwatch-observability-image-scan.yaml --- .../workflows/amazon-cloudwatch-observability-image-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml index bff19fb..0fe0db3 100644 --- a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml +++ b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml @@ -92,7 +92,7 @@ jobs: if: success() || failure() # from https://stackoverflow.com/questions/61919141/read-json-file-in-github-actions - run: | - SCAN_RESULT=$(jq -r '"\(.ArtifactName):", ( .Results | .[] | select(.Vulnerabilities != null) | .Vulnerabilities[] | "* \(.VulnerabilityID)" ) | @text' ${{ steps.scan.outputs.json }}) + SCAN_RESULT=$(jq -r '{results: ("\(.ArtifactName):\n" + (.Results | .[] | select(.Vulnerabilities != null) | .Vulnerabilities | map(.VulnerabilityID) | join(", ")))}' ${{ steps.scan.outputs.json }} ${{ steps.scan.outputs.json }}) echo "SCAN_RESULT<> $GITHUB_ENV echo "$SCAN_RESULT" >> $GITHUB_ENV echo "EOF" >> $GITHUB_ENV From 139c11e5c99666f8376f4e29fc430dfb2da7373a Mon Sep 17 00:00:00 2001 From: Marcus Mann Date: Tue, 3 Dec 2024 16:06:14 -0500 Subject: [PATCH 36/42] Update amazon-cloudwatch-observability-image-scan.yaml --- .../workflows/amazon-cloudwatch-observability-image-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml index 0fe0db3..e9ca9d3 100644 --- a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml +++ b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml 
@@ -92,7 +92,7 @@ jobs: if: success() || failure() # from https://stackoverflow.com/questions/61919141/read-json-file-in-github-actions - run: | - SCAN_RESULT=$(jq -r '{results: ("\(.ArtifactName):\n" + (.Results | .[] | select(.Vulnerabilities != null) | .Vulnerabilities | map(.VulnerabilityID) | join(", ")))}' ${{ steps.scan.outputs.json }} ${{ steps.scan.outputs.json }}) + SCAN_RESULT=$(jq -r '{results: ("\(.ArtifactName):\n" + (.Results | .[] | select(.Vulnerabilities != null) | .Vulnerabilities | map(.VulnerabilityID) | join(", ")))}' ${{ steps.scan.outputs.json }}) echo "SCAN_RESULT<> $GITHUB_ENV echo "$SCAN_RESULT" >> $GITHUB_ENV echo "EOF" >> $GITHUB_ENV From 18c9818868c026878ab651b89760d1ba25ea077d Mon Sep 17 00:00:00 2001 From: Marcus Mann Date: Tue, 3 Dec 2024 16:10:36 -0500 Subject: [PATCH 37/42] Update amazon-cloudwatch-observability-image-scan.yaml --- .../workflows/amazon-cloudwatch-observability-image-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml index e9ca9d3..8304c5f 100644 --- a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml +++ b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml @@ -92,7 +92,7 @@ jobs: if: success() || failure() # from https://stackoverflow.com/questions/61919141/read-json-file-in-github-actions - run: | - SCAN_RESULT=$(jq -r '{results: ("\(.ArtifactName):\n" + (.Results | .[] | select(.Vulnerabilities != null) | .Vulnerabilities | map(.VulnerabilityID) | join(", ")))}' ${{ steps.scan.outputs.json }}) + SCAN_RESULT=$(jq -cr '"\(.ArtifactName): " + (.Results | .[] | select(.Vulnerabilities != null) | .Vulnerabilities | map(.VulnerabilityID) | join(", "))' ${{ steps.scan.outputs.json }}) echo "SCAN_RESULT<> $GITHUB_ENV echo "$SCAN_RESULT" >> $GITHUB_ENV echo "EOF" >> $GITHUB_ENV 
From f89c1672484c340843093c12176a9a77d4f156d7 Mon Sep 17 00:00:00 2001 From: Marcus Mann Date: Tue, 3 Dec 2024 16:27:03 -0500 Subject: [PATCH 38/42] Update amazon-cloudwatch-observability-image-scan.yaml --- .../amazon-cloudwatch-observability-image-scan.yaml | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml index 8304c5f..b1e67b5 100644 --- a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml +++ b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml @@ -102,10 +102,7 @@ jobs: echo '${{ env.SCAN_RESULT }}' - name: Send a saved artifact to a Slack workflow if: success() || failure() - uses: slackapi/slack-github-action@v2.0.0 - with: - webhook: ${{ secrets.SLACK_WEBHOOK_URL }} - webhook-type: webhook-trigger - payload: | - results: | - ${{ env.SCAN_RESULT }} + run: | + curl -X POST "${{ secrets.SLACK_WEBHOOK_URL }}" \ + -H "Content-Type: application/json" \ + -d '{"results": "${{ env.SCAN_RESULT }}"}' From 37d1edafd8717e5819dab8fb2f2fcf1b922bece4 Mon Sep 17 00:00:00 2001 From: Marcus Mann Date: Tue, 3 Dec 2024 16:33:41 -0500 Subject: [PATCH 39/42] Update amazon-cloudwatch-observability-image-scan.yaml --- .../workflows/amazon-cloudwatch-observability-image-scan.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml index b1e67b5..51f1ced 100644 --- a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml +++ b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml 
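Review bot: The new `run:` builds the shell command by expanding `${{ env.SCAN_RESULT }}` (and the webhook secret) directly into the script text, so any `'` or shell metacharacter in the scanner-derived result terminates the single-quoted `-d` argument and is executed as shell, and a `"` or newline in it produces an invalid JSON body. Pass the secret through an `env:` mapping, read SCAN_RESULT as an ordinary environment variable (values appended to `$GITHUB_ENV` are exported to later steps), and let `jq` build the JSON; adding `--fail` also makes a rejected webhook fail the step rather than silently succeed. The `- name:` and `if:` lines above the `run:` are unchanged.
```yaml
      - name: Send a saved artifact to a Slack workflow
        if: success() || failure()
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
        run: |
          # Build the body with jq so quotes/newlines in SCAN_RESULT cannot break
          # out of the JSON or the shell; no ${{ }} expansion inside the script.
          jq -n --arg results "$SCAN_RESULT" '{results: $results}' \
            | curl -sS --fail -X POST "$SLACK_WEBHOOK_URL" \
                -H "Content-Type: application/json" \
                --data-binary @-
```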
@@ -92,7 +92,7 @@ jobs: if: success() || failure() # from https://stackoverflow.com/questions/61919141/read-json-file-in-github-actions - run: | - SCAN_RESULT=$(jq -cr '"\(.ArtifactName): " + (.Results | .[] | select(.Vulnerabilities != null) | .Vulnerabilities | map(.VulnerabilityID) | join(", "))' ${{ steps.scan.outputs.json }}) + SCAN_RESULT=$(jq -cr '"\(.ArtifactName): " + (.Results | .[] | select(.Vulnerabilities != null) | .Vulnerabilities | map(.VulnerabilityID) | join(", "))' ${{ steps.scan.outputs.json }} | cut -c -2999) echo "SCAN_RESULT<> $GITHUB_ENV echo "$SCAN_RESULT" >> $GITHUB_ENV echo "EOF" >> $GITHUB_ENV @@ -101,7 +101,7 @@ jobs: run: | echo '${{ env.SCAN_RESULT }}' - name: Send a saved artifact to a Slack workflow - if: success() || failure() + if: success() || failure() || ${{ env.SCAN_RESULT != '' }} run: | curl -X POST "${{ secrets.SLACK_WEBHOOK_URL }}" \ -H "Content-Type: application/json" \ From 0e2739aa3745dbf114cdc97b351b257e6aa1e72f Mon Sep 17 00:00:00 2001 From: Marcus Mann Date: Tue, 3 Dec 2024 16:37:39 -0500 Subject: [PATCH 40/42] Update amazon-cloudwatch-observability-image-scan.yaml --- .../workflows/amazon-cloudwatch-observability-image-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml index 51f1ced..459cfe9 100644 --- a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml +++ b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml @@ -101,7 +101,7 @@ jobs: run: | echo '${{ env.SCAN_RESULT }}' - name: Send a saved artifact to a Slack workflow - if: success() || failure() || ${{ env.SCAN_RESULT != '' }} + if: (success() || failure()) && ${{ env.SCAN_RESULT != '' }} run: | curl -X POST "${{ secrets.SLACK_WEBHOOK_URL }}" \ -H "Content-Type: application/json" \ From 0d975afd1efeeb0194b883741cbcbde6b06289a7 Mon Sep 17 00:00:00 2001 
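Review bot: `cut -c -2999` in the first hunk truncates each output line separately, not the whole result, so when the report has several `Results` entries (the jq filter emits one line per entry) SCAN_RESULT can still exceed the roughly 3000-character limit the number suggests it is meant to respect. If the intent is to bound the total message, use `| head -c 2999` instead, or truncate inside jq on the joined string, and append a visible marker such as `…` so a cut-off list is recognisable. Unless `shell: bash` is set explicitly the default step shell does not enable pipefail, so a jq error in this pipeline is also hidden behind cut's exit status.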
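Review bot: `if: (success() || failure()) && ${{ env.SCAN_RESULT != '' }}` mixes a bare expression with a `${{ }}` block in one condition; GitHub evaluates `if:` as a single expression and does not accept `${{ }}` embedded part-way through, so this line is rejected when the workflow is parsed, which is presumably why the following commits abandon the emptiness check. Write it without the braces, `if: (success() || failure()) && env.SCAN_RESULT != ''`, which keeps both the run-on-failure behaviour and the guard against posting an empty result.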
From: Marcus Mann Date: Tue, 3 Dec 2024 16:39:36 -0500 Subject: [PATCH 41/42] Update amazon-cloudwatch-observability-image-scan.yaml --- .../workflows/amazon-cloudwatch-observability-image-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml index 459cfe9..cc28e92 100644 --- a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml +++ b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml @@ -101,7 +101,7 @@ jobs: run: | echo '${{ env.SCAN_RESULT }}' - name: Send a saved artifact to a Slack workflow - if: (success() || failure()) && ${{ env.SCAN_RESULT != '' }} + if: ${{ env.SCAN_RESULT != '' }} run: | curl -X POST "${{ secrets.SLACK_WEBHOOK_URL }}" \ -H "Content-Type: application/json" \ From dfe3a7f21dd30a7455c083f08554f57a97922b38 Mon Sep 17 00:00:00 2001 From: Marcus Mann Date: Tue, 3 Dec 2024 16:42:39 -0500 Subject: [PATCH 42/42] Update amazon-cloudwatch-observability-image-scan.yaml --- .../workflows/amazon-cloudwatch-observability-image-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml index cc28e92..bb9b4a9 100644 --- a/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml +++ b/.github/workflows/amazon-cloudwatch-observability-image-scan.yaml @@ -101,7 +101,7 @@ jobs: run: | echo '${{ env.SCAN_RESULT }}' - name: Send a saved artifact to a Slack workflow - if: ${{ env.SCAN_RESULT != '' }} + if: success() || failure() run: | curl -X POST "${{ secrets.SLACK_WEBHOOK_URL }}" \ -H "Content-Type: application/json" \
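Review bot: Reverting the condition to `success() || failure()` in the last hunk drops the empty-result guard, so the webhook is called even when the scan step failed before producing a report and SCAN_RESULT is unset, posting an empty `results` field to the channel. The earlier attempts most likely failed on the mixed `${{ }}` syntax rather than on the idea; the guard is valid as a bare expression, `if: (success() || failure()) && env.SCAN_RESULT != ''`. The `-d` line that carries SCAN_RESULT into the request body lies just past the end of this hunk.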