From 1ccef265f594a7555a720f623a461a3d69b45bf7 Mon Sep 17 00:00:00 2001
From: Simar <1254783+simar7@users.noreply.github.com>
Date: Tue, 26 Oct 2021 17:45:53 -0700
Subject: [PATCH] feat: Build a full SARIF report even if under accepted severity level. (#73)
Signed-off-by: Simar
---
 entrypoint.sh | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/entrypoint.sh b/entrypoint.sh
index d039151..4e9a751 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -111,3 +111,14 @@ fi
 echo "Running trivy with options: ${ARGS}" "${artifactRef}"
 echo "Global options: " "${GLOBAL_ARGS}"
 trivy $GLOBAL_ARGS ${scanType} $ARGS ${artifactRef}
+returnCode=$?
+
+# SARIF is special. We output all vulnerabilities,
+# regardless of severity level specified in this report.
+# This is a feature, not a bug :)
+if [[ ${template} == *"sarif"* ]]; then
+ echo "Building SARIF report"
+ trivy --quiet ${scanType} --format template --template ${template} --output ${output} ${artifactRef}
+fi
+
+exit $returnCode
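Review bot: The added SARIF `trivy` call inside the `if [[ ${template} == *"sarif"* ]]` block passes `${template}`, `${output}` and `${artifactRef}` unquoted, and its exit status is never checked. These values presumably come from the action's inputs (their assignment is outside the hunk), so a value containing whitespace or a glob character is split into extra trivy arguments, and an empty `${output}` would make `--output` consume the artifact reference as its file name. If the report build fails, the script still exits with the first scan's `returnCode`, which can be 0, so a missing or stale SARIF file goes unnoticed by whatever consumes it. I would write the call as `trivy --quiet ${scanType} --format template --template "${template}" --output "${output}" "${artifactRef}" || returnCode=$?`. The comment above it should also say that this second run omits `$GLOBAL_ARGS` and `$ARGS` entirely, so any non-severity options set there (not visible here) are dropped along with the severity filter.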