From 00b26e9c76f32057cf0f798adcfe4cb165136ce7 Mon Sep 17 00:00:00 2001
From: RockfordMankiniUCSD <92760584+RockfordMankiniUCSD@users.noreply.github.com>
Date: Fri, 23 Feb 2024 06:37:26 -0800
Subject: [PATCH] Update build.yml
---
 .github/workflows/build.yml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 2a7df34..3b9a075 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -72,3 +72,19 @@ jobs:
 push: true
 tags: ${{ steps.meta.outputs.tags }}
 labels: ${{ steps.meta.outputs.labels }}
+
+ - name: Scan for vulnerabilities
+ uses: crazy-max/ghaction-container-scan@v3
+ with:
+ image: ${{ steps.meta.outputs.tags }}
+
+ - name: Filter out non-critical vulns
+ run: |
+ mv /tmp/container-scan*/ /tmp/container-scan/ && cat /tmp/container-scan/result.json | jq '.Results[0].Vulnerabilities[] | select(.Severity=="CRITICAL")' > /tmp/container-scan/critical.json
+
+ - name: Archive container scan results
+ uses: actions/upload-artifact@v3
+ with:
+ name: container-scan-results
+ path: |
+ /tmp/container-scan*
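Review bot: The `Filter out non-critical vulns` step writes critical findings to a file but never fails the job on them, and its `.Results[0]` selector reads only the first scan target, so criticals in any later `Results` entry (Trivy-style reports list OS packages and language dependencies as separate targets) are silently dropped. Consider `jq '[.Results[].Vulnerabilities[]? | select(.Severity=="CRITICAL")]' /tmp/container-scan/result.json > /tmp/container-scan/critical.json` followed by `test "$(jq length /tmp/container-scan/critical.json)" -eq 0` so the pipeline actually gates on the result; the `?` also keeps the step from erroring when a target has no `Vulnerabilities` array. The `mv /tmp/container-scan*/` glob assumes exactly one matching directory, and `image: ${{ steps.meta.outputs.tags }}` hands the scanner a multi-line value if the metadata step emits more than one tag — both worth confirming against this workflow's earlier steps, which lie outside the hunk. Both new `uses:` references (`crazy-max/ghaction-container-scan@v3`, `actions/upload-artifact@v3`) are mutable tags; pinning each to a full commit SHA with the tag in a trailing comment is the usual supply-chain hardening for third-party actions.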