From 73a7b62033fffb27a877793f1cb6bb474a87f2c1 Mon Sep 17 00:00:00 2001
From: Michael Long
Date: Fri, 30 Aug 2024 10:50:18 -0400
Subject: [PATCH 1/4] reproducing issue - test 1
---
 .github/workflows/test_containers.yml | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/test_containers.yml b/.github/workflows/test_containers.yml
index 357dbbd..daf0964 100644
--- a/.github/workflows/test_containers.yml
+++ b/.github/workflows/test_containers.yml
@@ -35,9 +35,21 @@ jobs:
 uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1.1.3
 with:
 artifact_type: 'container'
- artifact_path: 'ubuntu:14.04'
+ artifact_path: 'alpine:latest'
 display_vulnerability_findings: "enabled"
- sbomgen_version: "1.3.1"
+ sbomgen_version: "1.4.0"
+
+ - name: Display CycloneDX SBOM (JSON)
+ run: cat ${{ steps.inspector.outputs.artifact_sbom }}
+
+ - name: Display Inspector vulnerability scan results (JSON)
+ run: cat ${{ steps.inspector.outputs.inspector_scan_results }}
+
+ - name: Display Inspector vulnerability scan results (CSV)
+ run: cat ${{ steps.inspector.outputs.inspector_scan_results_csv }}
+
+ - name: Display Inspector vulnerability scan results (Markdown)
+ run: cat ${{ steps.inspector.outputs.inspector_scan_results_markdown }}
 - name: Display scan results
 run: cat ${{ steps.inspector.outputs.inspector_scan_results }}
From 868c84215cdebd8ae38ae9982702621d1999924e Mon Sep 17 00:00:00 2001
From: Michael Long
Date: Fri, 30 Aug 2024 10:56:49 -0400
Subject: [PATCH 2/4] resolve issue 85 - test 2
---
 .github/workflows/test_containers.yml | 20 ++++----------------
 1 file changed, 4 insertions(+), 16 deletions(-)
diff --git a/.github/workflows/test_containers.yml b/.github/workflows/test_containers.yml
index daf0964..881e0d4 100644
--- a/.github/workflows/test_containers.yml
+++ b/.github/workflows/test_containers.yml
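Review bot: `artifact_path: 'alpine:latest'` points the scan fixture at a floating tag, so the image under test — and with it the number of findings and whether the CSV report has any rows — can change between runs with no change to this repository; the third patch in this series, which switches back to `alpine:latest` and `sbomgen_version: "1.4.0"`, has the same problem. Pin the fixture by digest, e.g. `artifact_path: 'alpine:<TAG>@sha256:<DIGEST-PLACEHOLDER>'` (placeholder — take the digest from the registry), so a failing run is attributable to the action rather than to upstream image churn. The added display steps also interpolate `${{ steps.inspector.outputs.* }}` straight into `run:` and hand the path to `cat` unquoted; these outputs are produced by the action itself, but routing them through `env:` and quoting, `run: cat "$SCAN_RESULTS"`, is the usual workflow-hardening convention and costs nothing. The new `Display Inspector vulnerability scan results (JSON)` step duplicates the existing `Display scan results` step below it (both `cat` `inspector_scan_results`), and the `id: inspector` these outputs depend on is above the hunk and not visible here.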
@@ -35,24 +35,12 @@ jobs:
 uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1.1.3
 with:
 artifact_type: 'container'
- artifact_path: 'alpine:latest'
+ artifact_path: 'ubuntu:14.04'
 display_vulnerability_findings: "enabled"
- sbomgen_version: "1.4.0"
+ sbomgen_version: "1.3.1"
- - name: Display CycloneDX SBOM (JSON)
- run: cat ${{ steps.inspector.outputs.artifact_sbom }}
-
- - name: Display Inspector vulnerability scan results (JSON)
- run: cat ${{ steps.inspector.outputs.inspector_scan_results }}
-
- - name: Display Inspector vulnerability scan results (CSV)
- run: cat ${{ steps.inspector.outputs.inspector_scan_results_csv }}
-
- - name: Display Inspector vulnerability scan results (Markdown)
- run: cat ${{ steps.inspector.outputs.inspector_scan_results_markdown }}
-
- - name: Display scan results
- run: cat ${{ steps.inspector.outputs.inspector_scan_results }}
+ - name: Display scan results (CSV)
+ run: cat ${{ steps.inspector.outputs.inspector_scan_results_csv }}
 - name: Validate scan content
 run: python3 validator/validate_inspector_scan.py --file ${{ steps.inspector.outputs.inspector_scan_results }}
From fdaa8badd0eaacf542ff6edc58aa063583c51fb6 Mon Sep 17 00:00:00 2001
From: Michael Long
Date: Fri, 30 Aug 2024 10:58:26 -0400
Subject: [PATCH 3/4] test 3
---
 .github/workflows/test_containers.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/test_containers.yml b/.github/workflows/test_containers.yml
index 881e0d4..b76434d 100644
--- a/.github/workflows/test_containers.yml
+++ b/.github/workflows/test_containers.yml
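Review bot: The replacement `Display scan results (CSV)` step is the only check this series adds for the CSV report, and while `cat` does fail on a missing file it exits 0 on an empty or header-only one, so a CSV with no rows would pass unnoticed; the `Validate scan content` step that follows still validates only the JSON (`--file ${{ steps.inspector.outputs.inspector_scan_results }}`). Judging by the guard removed in the fourth patch (`skipping package vulnerability CSV report because no vulnerabilities were detected`), the problem behind issue 85 appears to be the CSV not being produced for a scan with zero findings, which is exactly the case a `cat` cannot assert on. Add an explicit check such as `run: test -s "${{ steps.inspector.outputs.inspector_scan_results_csv }}"`, or run the validator against the CSV as well as the JSON, so the workflow fails when the report is missing or empty rather than merely printing it.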
@@ -35,9 +35,9 @@ jobs:
 uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1.1.3
 with:
 artifact_type: 'container'
- artifact_path: 'ubuntu:14.04'
+ artifact_path: 'alpine:latest'
 display_vulnerability_findings: "enabled"
- sbomgen_version: "1.3.1"
+ sbomgen_version: "1.4.0"
 - name: Display scan results (CSV)
 run: cat ${{ steps.inspector.outputs.inspector_scan_results_csv }}
From e2531cf225c57bd232f86f143f7d44550998ad22 Mon Sep 17 00:00:00 2001
From: Michael Long
Date: Fri, 30 Aug 2024 12:08:25 -0400
Subject: [PATCH 4/4] test fix
---
 entrypoint/entrypoint/orchestrator.py | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/entrypoint/entrypoint/orchestrator.py b/entrypoint/entrypoint/orchestrator.py
index 500a5e1..40d5d7f 100644
--- a/entrypoint/entrypoint/orchestrator.py
+++ b/entrypoint/entrypoint/orchestrator.py
@@ -344,10 +344,6 @@ def install_sbomgen(args):
 def write_pkg_vuln_report_csv(out_scan_csv, scan_result: exporter.InspectorScanResult):
- if scan_result.total_vulns() == 0:
- logging.info("skipping package vulnerability CSV report because no vulnerabilities were detected")
- return
-
 csv_output = exporter.to_csv(scan_result)
 logging.info(f"writing package vulnerability CSV report to: {out_scan_csv}")