From 89e29531f070539935a93b6f55d791170ea42e72 Mon Sep 17 00:00:00 2001
From: josh <josh@joshjacobs.net>
Date: Fri, 22 Sep 2023 20:37:00 +0000
Subject: [PATCH] fix: upload sarif file

---
 .github/workflows/docker-build.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
index 9b37e9a..206925b 100644
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@@ -47,10 +47,16 @@ jobs:
 
       - name: Scan SBOM
         uses: anchore/scan-action@v3
+        id: scan
         with:
           sbom: sbom.spdx.json
           fail-build: false
 
+      - name: upload Anchore scan SARIF report
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: ${{ steps.scan.outputs.sarif }}
+
       - name: Changelog
         uses: TriPSs/conventional-changelog-action@v3
         id: changelog