thucke · thucke · May 21, 2026 · May 21, 2026 · May 21, 2026
diff --git a/.github/trivy-markdown.tpl b/.github/trivy-markdown.tpl
@@ -0,0 +1,56 @@
+{{- if . }}
+{{- range . }}
+<h3>Target <code>{{ escapeXML .Target }}</code></h3>
+{{- if (eq (len .Vulnerabilities) 0) }}
+<h4>No Vulnerabilities found</h4>
+{{- else }}
+<h4>Vulnerabilities ({{ len .Vulnerabilities }})</h4>
+<table>
+    <tr>
+        <th>Package</th>
+        <th>ID</th>
+        <th>Severity</th>
+        <th>Installed Version</th>
+        <th>Fixed Version</th>
+    </tr>
+    {{- range .Vulnerabilities }}
+    <tr>
+        <td><code>{{ escapeXML .PkgName }}</code></td>
+        <td>{{ escapeXML .VulnerabilityID }}</td>
+        <td>{{ escapeXML .Severity }}</td>
+        <td>{{ escapeXML .InstalledVersion }}</td>
+        <td>{{ escapeXML .FixedVersion }}</td>
+    </tr>
+    {{- end }}
+</table>
+{{- end }}
+{{- if (eq (len .Misconfigurations ) 0) }}
+<h4>No Misconfigurations found</h4>
+{{- else }}
+<h4>Misconfigurations</h4>
+<table>
+    <tr>
+        <th>Type</th>
+        <th>ID</th>
+        <th>Check</th>
+        <th>Severity</th>
+        <th>Message</th>
+    </tr>
+    {{- range .Misconfigurations }}
+    <tr>
+        <td>{{ escapeXML .Type }}</td>
+        <td>{{ escapeXML .ID }}</td>
+        <td>{{ escapeXML .Title }}</td>
+        <td>{{ escapeXML .Severity }}</td>
+        <td>
+          {{ escapeXML .Message }}
+          <br><a href={{ escapeXML .PrimaryURL | printf "%q" }}>{{ escapeXML .PrimaryURL }}</a></br>
+        </td>
+    </tr>
+    {{- end }}
+</table>
+{{- end }}
+{{- end }}
+{{- else }}
+<h3>Trivy Returned Empty Report</h3>
+{{- end }}
diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml
@@ -87,17 +87,28 @@ jobs:
         uses: aquasecurity/trivy-action@v0.36.0
         with:
           image-ref: '${{ env.REGISTRY }}/${{ needs.preparation.outputs.repo }}/${{ matrix.folder }}:${{ env.TARGET_IMAGE_BASETAG }}'
-          format: 'sarif'
-          output: 'trivy-results.sarif'
+          #format: 'sarif'
+          #output: 'trivy-results.sarif'
+          format: 'template'
+          output: 'trivy-results.md'
+          template: "@.github/trivy-markdown.tpl"
           severity: 'CRITICAL,HIGH'
           ignore-unfixed: true
         env:
           TRIVY_USERNAME: ${{ github.actor }}
           TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
           INPUT_LIMIT_SEVERITIES_FOR_SARIF: true
           TARGET_IMAGE_BASETAG: ${{ env.TARGET_IMAGE_BASETAG }}
-      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v4
+      - name: Upload Trivy scan results as Markdows report
         if: always()
-        with:
-          sarif_file: 'trivy-results.sarif'
+        run: |
+          echo "# Trivy Scan Results for ${{ matrix.folder }}:${{ env.TARGET_IMAGE_BASETAG }}" > ${GITHUB_STEP_SUMMARY}
+          cat trivy-results.md >> ${GITHUB_STEP_SUMMARY}
+          echo "Trivy scan results uploaded as Markdown report"
+        env:
+          TARGET_IMAGE_BASETAG: ${{ env.TARGET_IMAGE_BASETAG }}
+      #- name: Upload Trivy scan results to GitHub Security tab
+      #  uses: github/codeql-action/upload-sarif@v4
+      #  if: always()
+      #  with:
+      #    sarif_file: 'trivy-results.sarif'