cds-snc · ascheid · Nov 17, 2022 · Nov 17, 2022
diff --git a/.github/actions/docker-scan/action.yml b/.github/actions/docker-scan/action.yml
@@ -13,19 +13,22 @@ runs:
     - name: Install Trivy
       run: |
         curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.34.0
+      shell: bash
 
     - name: run trivy docker
-        run: |
-          trivy image \
-            --format github \
-            --vuln-type os,library \
-            --security-checks vuln \
-            --output dependency-results.sbom.json \
-            ${{ inputs.docker_image }}
+      run: |
+        trivy image \
+          --format github \
+          --vuln-type os,library \
+          --security-checks vuln \
+          --output dependency-results.sbom.json \
+          ${{ inputs.docker_image }}
+      shell: bash
 
     - name: replace apk with alpine
       run: |
         sed -i 's/pkg:apk/pkg:alpine/g' dependency-results.sbom.json
+      shell: bash
 
     - name: upload sbom to github
       run: |
@@ -34,6 +37,7 @@ runs:
           -H 'Authorization: token ${{ secrets.GITHUB_TOKEN }}' \
           'https://api.github.com/repos/'$GITHUB_REPOSITORY'/dependency-graph/snapshots' \
           -d @dependency-results.sbom.json
+      shell: bash
 
     - name: run docker vulnerability scanner
       uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5