testing CSV with no vulns

Michael Long · Michael Long · commit 561f140812b1 · 2024-08-30T14:59:48.000-04:00
diff --git a/.github/workflows/test_containers.yml b/.github/workflows/test_containers.yml
@@ -35,12 +35,12 @@ jobs:
         uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1.1.3
         with:
           artifact_type: 'container'
-          artifact_path: 'alpine:latest'
+          artifact_path: 'ubuntu:14.04'
           display_vulnerability_findings: "enabled"
-          sbomgen_version: "1.4.0"
+          sbomgen_version: "1.3.1"
 
-      - name: Display scan results (CSV)
-        run: cat ${{ steps.inspector.outputs.inspector_scan_results_csv }}
+      - name: Display scan results
+        run: cat ${{ steps.inspector.outputs.inspector_scan_results }}
 
       - name: Validate scan content
         run: python3 validator/validate_inspector_scan.py --file ${{ steps.inspector.outputs.inspector_scan_results }}
diff --git a/.github/workflows/test_csv_no_vulns.yml b/.github/workflows/test_csv_no_vulns.yml
@@ -0,0 +1,37 @@
+name: Test CSV no vulns
+
+on:
+  push:
+    branches: #
+      - '*'
+
+jobs:
+  daily_job:
+    runs-on: ubuntu-latest
+    environment:
+      name: plugin-development
+
+    steps:
+
+      - name: Checkout this repository
+        uses: actions/checkout@v4
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: ${{ secrets.AWS_REGION }}
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          role-to-assume: ${{ secrets.AWS_IAM_ROLE }}
+
+      - name: Test container scan
+        id: inspector
+        uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1.1.3
+        with:
+          artifact_type: 'container'
+          artifact_path: 'alpine:latest'
+          display_vulnerability_findings: "enabled"
+          sbomgen_version: "latest"
+
+      - name: Display scan results
+        run: cat ${{ steps.inspector.outputs.inspector_scan_results_csv }}
